fixing bz 189666
parent
a0b06dac5a
commit
1da091620f
280
cscope-15.5-putstring-overflow.patch
Normal file
280
cscope-15.5-putstring-overflow.patch
Normal file
@ -0,0 +1,280 @@
|
||||
--- cscope-15.5/src/find.c.stack 2006-06-23 16:00:34.000000000 -0400
|
||||
+++ cscope-15.5/src/find.c 2006-06-23 16:00:47.000000000 -0400
|
||||
@@ -184,7 +184,7 @@ find_symbol_or_assignment(char *pattern,
|
||||
|
||||
(void) scanpast('\t'); /* find the end of the header */
|
||||
skiprefchar(); /* skip the file marker */
|
||||
- putstring(file); /* save the file name */
|
||||
+ putstring(file, PATHLEN); /* save the file name */
|
||||
(void) strcpy(function, global);/* set the dummy global function name */
|
||||
(void) strcpy(macro, global);/* set the dummy global macro name */
|
||||
|
||||
@@ -216,7 +216,7 @@ find_symbol_or_assignment(char *pattern,
|
||||
|
||||
/* save the name */
|
||||
skiprefchar();
|
||||
- putstring(file);
|
||||
+ putstring(file, PATHLEN);
|
||||
|
||||
/* check for the end of the symbols */
|
||||
if (*file == '\0') {
|
||||
@@ -255,7 +255,7 @@ find_symbol_or_assignment(char *pattern,
|
||||
}
|
||||
/* save the name */
|
||||
skiprefchar();
|
||||
- putstring(s);
|
||||
+ putstring(s, PATHLEN);
|
||||
|
||||
/* see if this is a regular expression pattern */
|
||||
if (isregexp_valid == YES) {
|
||||
@@ -293,7 +293,7 @@ find_symbol_or_assignment(char *pattern,
|
||||
|
||||
if (isalpha((unsigned char)firstchar) || firstchar == '_') {
|
||||
blockp = cp;
|
||||
- putstring(symbol);
|
||||
+ putstring(symbol, PATHLEN);
|
||||
if (caseless == YES) {
|
||||
s = lcasify(symbol); /* point to lower case version */
|
||||
}
|
||||
@@ -382,7 +382,7 @@ finddef(char *pattern)
|
||||
|
||||
case NEWFILE:
|
||||
skiprefchar(); /* save file name */
|
||||
- putstring(file);
|
||||
+ putstring(file, PATHLEN);
|
||||
if (*file == '\0') { /* if end of symbols */
|
||||
return NULL;
|
||||
}
|
||||
@@ -412,21 +412,36 @@ finddef(char *pattern)
|
||||
}
|
||||
/* find all function definitions (used by samuel only) */
|
||||
|
||||
+static void blow_up(int line)
|
||||
+{
|
||||
+ fprintf(stderr,"STACK CORRUPTION AT %d\n",line);
|
||||
+ abort();
|
||||
+}
|
||||
+
|
||||
+#define CHECK_STACK() do { if(test != (unsigned int)&test) {\
|
||||
+blow_up(__LINE__);\
|
||||
+}} while(0)
|
||||
+
|
||||
char *
|
||||
findallfcns(char *dummy)
|
||||
{
|
||||
+ volatile unsigned int test = 0;
|
||||
char file[PATHLEN + 1]; /* source file name */
|
||||
char function[PATLEN + 1]; /* function name */
|
||||
-
|
||||
+ char oldblockp;
|
||||
(void) dummy; /* unused argument */
|
||||
|
||||
/* find the next file name or definition */
|
||||
+ test = (unsigned int)&test;
|
||||
while (scanpast('\t') != NULL) {
|
||||
+ CHECK_STACK();
|
||||
+ oldblockp=*blockp;
|
||||
switch (*blockp) {
|
||||
|
||||
case NEWFILE:
|
||||
skiprefchar(); /* save file name */
|
||||
- putstring(file);
|
||||
+ putstring(file, PATHLEN);
|
||||
+ CHECK_STACK();
|
||||
if (*file == '\0') { /* if end of symbols */
|
||||
return NULL;
|
||||
}
|
||||
@@ -440,8 +455,7 @@ findallfcns(char *dummy)
|
||||
case FCNDEF:
|
||||
case CLASSDEF:
|
||||
skiprefchar(); /* save function name */
|
||||
- putstring(function);
|
||||
-
|
||||
+ putstring(function, PATHLEN);
|
||||
/* output the file, function and source line */
|
||||
putref(0, file, function);
|
||||
break;
|
||||
@@ -483,7 +497,7 @@ findcalling(char *pattern)
|
||||
|
||||
case NEWFILE: /* save file name */
|
||||
skiprefchar();
|
||||
- putstring(file);
|
||||
+ putstring(file, PATHLEN);
|
||||
if (*file == '\0') { /* if end of symbols */
|
||||
return NULL;
|
||||
}
|
||||
@@ -494,7 +508,7 @@ findcalling(char *pattern)
|
||||
case DEFINE: /* could be a macro */
|
||||
if (fileversion >= 10) {
|
||||
skiprefchar();
|
||||
- putstring(macro);
|
||||
+ putstring(macro, PATHLEN);
|
||||
}
|
||||
break;
|
||||
|
||||
@@ -504,7 +518,7 @@ findcalling(char *pattern)
|
||||
|
||||
case FCNDEF: /* save calling function name */
|
||||
skiprefchar();
|
||||
- putstring(function);
|
||||
+ putstring(function, PATHLEN);
|
||||
for (i = 0; i < morefuns; i++)
|
||||
if ( !strcmp(tmpfunc[i], function) )
|
||||
break;
|
||||
@@ -639,7 +653,7 @@ findinclude(char *pattern)
|
||||
|
||||
case NEWFILE: /* save file name */
|
||||
skiprefchar();
|
||||
- putstring(file);
|
||||
+ putstring(file, PATHLEN);
|
||||
if (*file == '\0') { /* if end of symbols */
|
||||
return NULL;
|
||||
}
|
||||
@@ -790,7 +804,7 @@ match(void)
|
||||
|
||||
/* see if this is a regular expression pattern */
|
||||
if (isregexp_valid == YES) {
|
||||
- putstring(string);
|
||||
+ putstring(string, PATHLEN);
|
||||
if (*string == '\0') {
|
||||
return(NO);
|
||||
}
|
||||
@@ -940,26 +954,29 @@ putline(FILE *output)
|
||||
/* put the rest of the cross-reference line into the string */
|
||||
|
||||
void
|
||||
-putstring(char *s)
|
||||
+putstring(char *s, int length)
|
||||
{
|
||||
char *cp;
|
||||
unsigned c;
|
||||
-
|
||||
+ int i=0;
|
||||
setmark('\n');
|
||||
cp = blockp;
|
||||
do {
|
||||
- while ((c = (unsigned)(*cp)) != '\n') {
|
||||
+ while (((c = (unsigned)(*cp)) != '\n') && (i<length)) {
|
||||
if (c > '\177') {
|
||||
c &= 0177;
|
||||
*s++ = dichar1[c / 8];
|
||||
*s++ = dichar2[c & 7];
|
||||
+ i+=2;
|
||||
}
|
||||
else {
|
||||
*s++ = c;
|
||||
+ i++;
|
||||
}
|
||||
++cp;
|
||||
}
|
||||
- } while (*(cp + 1) == '\0' && (cp = readblock()) != NULL);
|
||||
+ } while (((*(cp + 1) == '\0' && (cp = readblock()) != NULL)) &&
|
||||
+ (i < length));
|
||||
blockp = cp;
|
||||
*s = '\0';
|
||||
}
|
||||
@@ -1059,7 +1076,7 @@ findcalledby(char *pattern)
|
||||
|
||||
case NEWFILE:
|
||||
skiprefchar(); /* save file name */
|
||||
- putstring(file);
|
||||
+ putstring(file, PATHLEN);
|
||||
if (*file == '\0') { /* if end of symbols */
|
||||
return(&found_caller);
|
||||
}
|
||||
@@ -1194,7 +1211,7 @@ putpostingref(POSTING *p, char *pat)
|
||||
if (p->type == FCNDEF) { /* need to find the function name */
|
||||
if (dbseek(p->lineoffset) != -1) {
|
||||
scanpast(FCNDEF);
|
||||
- putstring(function);
|
||||
+ putstring(function, PATHLEN);
|
||||
}
|
||||
}
|
||||
else if (p->type != FCNCALL) {
|
||||
@@ -1203,7 +1220,7 @@ putpostingref(POSTING *p, char *pat)
|
||||
}
|
||||
else if (p->fcnoffset != lastfcnoffset) {
|
||||
if (dbseek(p->fcnoffset) != -1) {
|
||||
- putstring(function);
|
||||
+ putstring(function, PATHLEN);
|
||||
lastfcnoffset = p->fcnoffset;
|
||||
}
|
||||
}
|
||||
--- cscope-15.5/src/global.h.stack 2006-06-23 16:01:31.000000000 -0400
|
||||
+++ cscope-15.5/src/global.h 2006-06-23 16:02:55.000000000 -0400
|
||||
@@ -370,7 +370,7 @@ void postmsg(char *msg);
|
||||
void postmsg2(char *msg);
|
||||
void posterr(char *msg,...);
|
||||
void putposting(char *term, int type);
|
||||
-void putstring(char *s);
|
||||
+void putstring(char *s, int length);
|
||||
void resetcmd(void);
|
||||
void seekline(int line);
|
||||
void setfield(void);
|
||||
--- cscope-15.5/src/build.c.stack 2003-03-05 05:43:59.000000000 -0500
|
||||
+++ cscope-15.5/src/build.c 2006-06-23 16:00:47.000000000 -0400
|
||||
@@ -82,7 +82,7 @@ static void copyinverted(void);
|
||||
static char *getoldfile(void);
|
||||
static void movefile(char *new, char *old);
|
||||
static void putheader(char *dir);
|
||||
-static void putinclude(char *s);
|
||||
+static void putinclude(char *s, int len);
|
||||
static void putlist(char **names, int count);
|
||||
static BOOL samelist(FILE *oldrefs, char **names, int count);
|
||||
|
||||
@@ -512,7 +512,7 @@ getoldfile(void)
|
||||
do {
|
||||
if (*blockp == NEWFILE) {
|
||||
skiprefchar();
|
||||
- putstring(file);
|
||||
+ putstring(file, PATHLEN);
|
||||
if (file[0] != '\0') { /* if not end-of-crossref */
|
||||
return(file);
|
||||
}
|
||||
@@ -614,7 +614,7 @@ copydata(void)
|
||||
/* look for an #included file */
|
||||
if (*cp == INCLUDE) {
|
||||
blockp = cp;
|
||||
- putinclude(symbol);
|
||||
+ putinclude(symbol, PATHLEN);
|
||||
writestring(symbol);
|
||||
setmark('\t');
|
||||
cp = blockp;
|
||||
@@ -666,12 +666,12 @@ copyinverted(void)
|
||||
case NEWFILE: /* file name */
|
||||
return;
|
||||
case INCLUDE: /* #included file */
|
||||
- putinclude(symbol);
|
||||
+ putinclude(symbol, PATHLEN);
|
||||
goto output;
|
||||
}
|
||||
dbputc(type);
|
||||
skiprefchar();
|
||||
- putstring(symbol);
|
||||
+ putstring(symbol, PATHLEN);
|
||||
goto output;
|
||||
}
|
||||
c = *cp;
|
||||
@@ -681,7 +681,7 @@ copyinverted(void)
|
||||
/* if this is a symbol */
|
||||
if (isalpha((unsigned char)c) || c == '_') {
|
||||
blockp = cp;
|
||||
- putstring(symbol);
|
||||
+ putstring(symbol, PATHLEN);
|
||||
type = ' ';
|
||||
output:
|
||||
putposting(symbol, type);
|
||||
@@ -712,11 +712,11 @@ movefile(char *new, char *old)
|
||||
/* process the #included file in the old database */
|
||||
|
||||
static void
|
||||
-putinclude(char *s)
|
||||
+putinclude(char *s, int len)
|
||||
{
|
||||
dbputc(INCLUDE);
|
||||
skiprefchar();
|
||||
- putstring(s);
|
||||
+ putstring(s, len);
|
||||
incfile(s + 1, s);
|
||||
}
|
||||
|
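Review bot: The new bound in `putstring` still lets the write run past the destination, because the loop guard is `i<length` while the `c > '\177'` branch stores two bytes. Entering that branch at `i == length - 1` leaves `s` at offset `length + 1`, so the final `*s = '\0'` lands one byte beyond a `PATHLEN + 1` array such as `file`. Reserving room for the two-byte case closes it, e.g. `while (((c = (unsigned)(*cp)) != '\n') && (i + 1 < length)) {`. Every caller also passes `PATHLEN`, including for `function`, which the `findallfcns` hunk declares as `char function[PATLEN + 1]`; passing the destination's own size (`sizeof(function) - 1`) would keep the bound right if the two constants differ. When the copy is cut short, `blockp` appears to be left mid-line rather than at the newline, so it is worth confirming the callers tolerate that.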
@ -22,6 +22,7 @@ Patch5:cscope-15.5-resize.patch
|
||||
Patch6:cscope-15.5-tempsec.patch
|
||||
Patch7:cscope-15.5-inv-overflow.patch
|
||||
Patch8:cscope-15.5-ocs-sysdir.patch
|
||||
Patch9:cscope-15.5-putstring-overflow.patch
|
||||
|
||||
%description
|
||||
cscope is a mature, ncurses based, C source code tree browsing tool. It
|
||||
@ -89,6 +90,9 @@ rm -f %{xemacs_lisp_path}/xcscope.el
|
||||
rm -f %{emacs_lisp_path}/xcscope.el
|
||||
|
||||
%changelog
|
||||
* Fri Jun 23 2006 Neil Horman <nhorman@redhat.com>
|
||||
- Fix putstring overflow (bz 189666)
|
||||
|
||||
* Fri May 5 2006 Neil Horman <nhorman@redhat.com>
|
||||
- Adding fix to put SYSDIR in right location (bz190580)
|
||||
|
||||
|
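Review bot: `Patch9:cscope-15.5-putstring-overflow.patch` is declared, but neither visible hunk adds a matching `%patch9` line to `%prep`. The hunk offsets (22→22, then 89→90) suggest this is the only line added between them, so the overflow fix may never be applied during the build unless the spec applies patches by some mechanism outside the shown lines. If it is missing, `%patch9 -p1 -b .stack` next to the existing `%patch` lines would apply it; the suffix matches the `.stack` backup names used in the patch headers. No `Release:` change is visible in these hunks either, so confirm the package is rebuilt under a new release.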