Raise fortification level to 3

Fix bad way of reallocation when reading from stdin
2023-02-28 16:42:43 +01:00 · 2023-02-28 16:42:43 +01:00 · 684b717191
commit 684b717191
parent f46853a5d6
2 changed files with 103 additions and 5 deletions
--- a/autogen-fortify.patch
+++ b/autogen-fortify.patch
@ -0,0 +1,95 @@
 commit 772b282a4e858a27af610bcdcc8b66925cbf1a83
 Author: Tomas Korbar <tkorbar@redhat.com>
 Date:   Tue Feb 28 16:08:13 2023 +0100
    avoid GCC code analysis bug
 diff --git a/agen5/defLoad.c b/agen5/defLoad.c
 index 0215857..b687263 100644
 --- a/agen5/defLoad.c
 +++ b/agen5/defLoad.c
@@ -448,17 +448,28 @@ read_defs(void)
     FILE *        fp;
     def_input_mode_t in_mode = ready_def_input(&def_fname, &data_sz);
 +    /*
 +     * "ready_def_input" has a lot of side effects. It's possible that
 +     * there are no definitions, so "in_mode" is set to DONE and there's
 +     * nothing to do.
 +     */
     if (in_mode == INPUT_DONE)
         return;
     /*
      *  Allocate the space we need for our definitions.
 +     * "data_sz" was set by read_def_input to the size of the
 +     * definitions file (or 4096 if we're reading from a fifo file).
 +     * In that alternate case, we'll start the input size at 4096 bytes.
 +     * The allocation includes space for context and a NUL byte or two
      */
 -    rem_sz = data_sz+4+sizeof(*base_ctx);
 -    base_ctx = (scan_ctx_t *)AGALOC(rem_sz, "file buf");
 -    memset(VOIDP(base_ctx), 0, rem_sz);
 +    {
 +        size_t sz = data_sz + sizeof(long) + sizeof(*base_ctx);
 +        base_ctx = (scan_ctx_t *)AGALOC(sz, "file buf");
 +        memset(VOIDP(base_ctx), 0, sz);
 +    }
     base_ctx->scx_line = 1;
 -    rem_sz = data_sz;
 +    rem_sz = data_sz; // size available for storing def text
     /*
      *  Our base context will have its currency pointer set to this
@@ -482,6 +493,9 @@ read_defs(void)
         if (fp == NULL)
             AG_CANT(READ_DEF_OPEN, def_fname);
 +        /*
 +         * If we're emitting dependency information, then do so.
 +         */
         if (dep_fp != NULL)
             add_source_file(def_fname);
     }
@@ -516,8 +530,7 @@ read_defs(void)
          *  See if there is any space left
          */
         if (rem_sz == 0) {
 -            scan_ctx_t * p;
 -            off_t dataOff;
 +            off_t scan_off;
             /*
              *  IF it is a regular file, then we are done
@@ -527,24 +540,16 @@ read_defs(void)
             /*
              *  We have more data and we are out of space.
 -             *  Try to reallocate our input buffer.
 +             *  AGREALOC will succeed or not return.
              */
             data_sz += (rem_sz = 0x1000);
 -            dataOff = data - base_ctx->scx_data;
 -            p = AGREALOC(VOIDP(base_ctx), data_sz + 4 + sizeof(*base_ctx),
 -                         "expand f buf");
 +            scan_off = data - base_ctx->scx_data;
 +            base_ctx = AGREALOC(VOIDP(base_ctx), data_sz + 4 + sizeof(*base_ctx),
 +                                "expand f buf");
 -            /*
 -             *  The buffer may have moved.  Set the data pointer at an
 -             *  offset within the new buffer and make sure our base pointer
 -             *  has been corrected as well.
 -             */
 -            if (p != base_ctx) {
 -                p->scx_scan = \
 -                    p->scx_data = (char *)(p + 1);
 -                data = p->scx_data + dataOff;
 -                base_ctx = p;
 -            }
 +            base_ctx->scx_scan = \
 +                base_ctx->scx_data = (char *)(base_ctx + 1);
 +            data = base_ctx->scx_data + scan_off;
         }
     }
--- a/autogen.spec
+++ b/autogen.spec
@ -1,11 +1,7 @@
 %define _fortify_level 2
 # untill this https://bugzilla.redhat.com/show_bug.cgi?id=2173623 is
 # resolved, we will keep fortification on level 2
 Summary:	Automated text file generator
 Name:		autogen
 Version:	5.18.16
-Release:	14%{?dist}
+Release:	15%{?dist}
 # Some files are licensed under GPLv2+.
 # We redistribute them under GPLv3+.
 License:	GPLv3+
@ -17,6 +13,8 @@ Patch0:		autogen-multilib.patch
 # Fix gcc error on overlapping strings
 Patch1:		autogen-overlap.patch
 Patch2:		autogen-configure-c99.patch
 # https://sourceforge.net/p/autogen/bugs/212/
 Patch3:		autogen-fortify.patch
 Requires:	%{name}-libopts%{?_isa} = %{version}-%{release}
@ -74,6 +72,7 @@ This package contains development files for libopts.
 %patch0 -p1 -b .multilib
 %patch1 -p1 -b .overlap
 %patch2 -p1
 %patch3 -p1 -b .fortify
 # Disable failing test
 sed -i 's|errors.test||' autoopts/test/Makefile.in
@ -150,6 +149,10 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 %{_includedir}/autoopts/usage-txt.h
 %changelog
 * Tue Feb 28 2023 Tomas Korbar <tkorbar@redhat.com> - 5.18.16-15
 - Raise fortification level to 3
 - Fix bad way of reallocation when reading from stdin
 * Mon Feb 27 2023 Tomas Korbar <tkorbar@redhat.com> - 5.18.16-14
 - Lower fortification level to 2
 - Resolves: rhbz#2171445