diff --git a/cscope-15.5-putstring-overflow.patch b/cscope-15.5-putstring-overflow.patch new file mode 100644 index 0000000..ef3d452 --- /dev/null +++ b/cscope-15.5-putstring-overflow.patch 
@@ -0,0 +1,280 @@ +--- cscope-15.5/src/find.c.stack 2006-06-23 16:00:34.000000000 -0400 ++++ cscope-15.5/src/find.c 2006-06-23 16:00:47.000000000 -0400 +@@ -184,7 +184,7 @@ find_symbol_or_assignment(char *pattern, + + (void) scanpast('\t'); /* find the end of the header */ + skiprefchar(); /* skip the file marker */ +- putstring(file); /* save the file name */ ++ putstring(file, PATHLEN); /* save the file name */ + (void) strcpy(function, global);/* set the dummy global function name */ + (void) strcpy(macro, global);/* set the dummy global macro name */ + +@@ -216,7 +216,7 @@ find_symbol_or_assignment(char *pattern, + + /* save the name */ + skiprefchar(); +- putstring(file); ++ putstring(file, PATHLEN); + + /* check for the end of the symbols */ + if (*file == '\0') { +@@ -255,7 +255,7 @@ find_symbol_or_assignment(char *pattern, + } + /* save the name */ + skiprefchar(); +- putstring(s); ++ putstring(s, PATHLEN); + + /* see if this is a regular expression pattern */ + if (isregexp_valid == YES) { +@@ -293,7 +293,7 @@ find_symbol_or_assignment(char *pattern, + + if (isalpha((unsigned char)firstchar) || firstchar == '_') { + blockp = cp; +- putstring(symbol); ++ putstring(symbol, PATHLEN); + if (caseless == YES) { + s = lcasify(symbol); /* point to lower case version */ + } +@@ -382,7 +382,7 @@ finddef(char *pattern) + + case NEWFILE: + skiprefchar(); /* save file name */ +- putstring(file); ++ putstring(file, PATHLEN); + if (*file == '\0') { /* if end of symbols */ + return NULL; + } +@@ -412,21 +412,36 @@ finddef(char *pattern) + } + /* find all function definitions (used by samuel only) */ + ++static void blow_up(int line) ++{ ++ fprintf(stderr,"STACK CORRUPTION AT %d\n",line); ++ abort(); ++} ++ ++#define CHECK_STACK() do { if(test != (unsigned int)&test) {\ ++blow_up(__LINE__);\ ++}} while(0) ++ + char * + findallfcns(char *dummy) + { ++ volatile unsigned int test = 0; + char file[PATHLEN + 1]; /* source file name */ + char function[PATLEN + 1]; /* function 
name */ +- ++ char oldblockp; + (void) dummy; /* unused argument */ + + /* find the next file name or definition */ ++ test = (unsigned int)&test; + while (scanpast('\t') != NULL) { ++ CHECK_STACK(); ++ oldblockp=*blockp; + switch (*blockp) { + + case NEWFILE: + skiprefchar(); /* save file name */ +- putstring(file); ++ putstring(file, PATHLEN); ++ CHECK_STACK(); + if (*file == '\0') { /* if end of symbols */ + return NULL; + } +@@ -440,8 +455,7 @@ findallfcns(char *dummy) + case FCNDEF: + case CLASSDEF: + skiprefchar(); /* save function name */ +- putstring(function); +- ++ putstring(function, PATHLEN); + /* output the file, function and source line */ + putref(0, file, function); + break; +@@ -483,7 +497,7 @@ findcalling(char *pattern) + + case NEWFILE: /* save file name */ + skiprefchar(); +- putstring(file); ++ putstring(file, PATHLEN); + if (*file == '\0') { /* if end of symbols */ + return NULL; + } +@@ -494,7 +508,7 @@ findcalling(char *pattern) + case DEFINE: /* could be a macro */ + if (fileversion >= 10) { + skiprefchar(); +- putstring(macro); ++ putstring(macro, PATHLEN); + } + break; + +@@ -504,7 +518,7 @@ findcalling(char *pattern) + + case FCNDEF: /* save calling function name */ + skiprefchar(); +- putstring(function); ++ putstring(function, PATHLEN); + for (i = 0; i < morefuns; i++) + if ( !strcmp(tmpfunc[i], function) ) + break; +@@ -639,7 +653,7 @@ findinclude(char *pattern) + + case NEWFILE: /* save file name */ + skiprefchar(); +- putstring(file); ++ putstring(file, PATHLEN); + if (*file == '\0') { /* if end of symbols */ + return NULL; + } +@@ -790,7 +804,7 @@ match(void) + + /* see if this is a regular expression pattern */ + if (isregexp_valid == YES) { +- putstring(string); ++ putstring(string, PATHLEN); + if (*string == '\0') { + return(NO); + } +@@ -940,26 +954,29 @@ putline(FILE *output) + /* put the rest of the cross-reference line into the string */ + + void +-putstring(char *s) ++putstring(char *s, int length) + { + char *cp; + 
unsigned c; +- ++ int i=0; + setmark('\n'); + cp = blockp; + do { +- while ((c = (unsigned)(*cp)) != '\n') { ++ while (((c = (unsigned)(*cp)) != '\n') && (i '\177') { + c &= 0177; + *s++ = dichar1[c / 8]; + *s++ = dichar2[c & 7]; ++ i+=2; + } + else { + *s++ = c; ++ i++; + } + ++cp; + } +- } while (*(cp + 1) == '\0' && (cp = readblock()) != NULL); ++ } while (((*(cp + 1) == '\0' && (cp = readblock()) != NULL)) && ++ (i < length)); + blockp = cp; + *s = '\0'; + } +@@ -1059,7 +1076,7 @@ findcalledby(char *pattern) + + case NEWFILE: + skiprefchar(); /* save file name */ +- putstring(file); ++ putstring(file, PATHLEN); + if (*file == '\0') { /* if end of symbols */ + return(&found_caller); + } +@@ -1194,7 +1211,7 @@ putpostingref(POSTING *p, char *pat) + if (p->type == FCNDEF) { /* need to find the function name */ + if (dbseek(p->lineoffset) != -1) { + scanpast(FCNDEF); +- putstring(function); ++ putstring(function, PATHLEN); + } + } + else if (p->type != FCNCALL) { +@@ -1203,7 +1220,7 @@ putpostingref(POSTING *p, char *pat) + } + else if (p->fcnoffset != lastfcnoffset) { + if (dbseek(p->fcnoffset) != -1) { +- putstring(function); ++ putstring(function, PATHLEN); + lastfcnoffset = p->fcnoffset; + } + } +--- cscope-15.5/src/global.h.stack 2006-06-23 16:01:31.000000000 -0400 ++++ cscope-15.5/src/global.h 2006-06-23 16:02:55.000000000 -0400 +@@ -370,7 +370,7 @@ void postmsg(char *msg); + void postmsg2(char *msg); + void posterr(char *msg,...); + void putposting(char *term, int type); +-void putstring(char *s); ++void putstring(char *s, int length); + void resetcmd(void); + void seekline(int line); + void setfield(void); +--- cscope-15.5/src/build.c.stack 2003-03-05 05:43:59.000000000 -0500 ++++ cscope-15.5/src/build.c 2006-06-23 16:00:47.000000000 -0400 +@@ -82,7 +82,7 @@ static void copyinverted(void); + static char *getoldfile(void); + static void movefile(char *new, char *old); + static void putheader(char *dir); +-static void putinclude(char *s); ++static void 
putinclude(char *s, int len); + static void putlist(char **names, int count); + static BOOL samelist(FILE *oldrefs, char **names, int count); + +@@ -512,7 +512,7 @@ getoldfile(void) + do { + if (*blockp == NEWFILE) { + skiprefchar(); +- putstring(file); ++ putstring(file, PATHLEN); + if (file[0] != '\0') { /* if not end-of-crossref */ + return(file); + } +@@ -614,7 +614,7 @@ copydata(void) + /* look for an #included file */ + if (*cp == INCLUDE) { + blockp = cp; +- putinclude(symbol); ++ putinclude(symbol, PATHLEN); + writestring(symbol); + setmark('\t'); + cp = blockp; +@@ -666,12 +666,12 @@ copyinverted(void) + case NEWFILE: /* file name */ + return; + case INCLUDE: /* #included file */ +- putinclude(symbol); ++ putinclude(symbol, PATHLEN); + goto output; + } + dbputc(type); + skiprefchar(); +- putstring(symbol); ++ putstring(symbol, PATHLEN); + goto output; + } + c = *cp; +@@ -681,7 +681,7 @@ copyinverted(void) + /* if this is a symbol */ + if (isalpha((unsigned char)c) || c == '_') { + blockp = cp; +- putstring(symbol); ++ putstring(symbol, PATHLEN); + type = ' '; + output: + putposting(symbol, type); +@@ -712,11 +712,11 @@ movefile(char *new, char *old) + /* process the #included file in the old database */ + + static void +-putinclude(char *s) ++putinclude(char *s, int len) + { + dbputc(INCLUDE); + skiprefchar(); +- putstring(s); ++ putstring(s, len); + incfile(s + 1, s); + } + diff --git a/cscope.spec b/cscope.spec index 0147dfe..a3c34d4 100644 --- a/cscope.spec +++ b/cscope.spec @@ -22,6 +22,7 @@ Patch5:cscope-15.5-resize.patch Patch6:cscope-15.5-tempsec.patch Patch7:cscope-15.5-inv-overflow.patch Patch8:cscope-15.5-ocs-sysdir.patch +Patch9:cscope-15.5-putstring-overflow.patch %description cscope is a mature, ncurses based, C source code tree browsing tool. It 
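Review bot: The new bound passed to putstring does not track the destination buffer: every call site passes PATHLEN, including the ones writing into `function`, `macro`, `symbol` and `string`, and the findallfcns hunk itself declares `char function[PATLEN + 1]` and then calls `putstring(function, PATHLEN)`, so the overflow is only closed where PATLEN happens to be at least PATHLEN; each caller should pass its own buffer's size, e.g. `putstring(function, PATLEN);`. Inside putstring the dichar branch stores two bytes after a check that, as far as the mangled `(i '\177')` line on this page lets one tell, only tests `i < length`, so with i == length - 1 it writes s[length - 1] and s[length] and the final `*s = '\0'` lands at s[length + 1], one past a `length + 1` buffer; a guard such as `if (i + 1 >= length) break;` before the two digraph stores closes that. When the loop stops on the bound, blockp is left in the middle of the truncated token, so the caller's next scan treats the tail as new record data; silent truncation deserves at least a comment on putstring. The blow_up/CHECK_STACK scaffolding and `volatile unsigned int test = (unsigned int)&test` in findallfcns are debugging aids (storing a pointer in an unsigned int truncates it on 64-bit targets), and `oldblockp` is assigned but never read; none of that should ship in the patch.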
@@ -89,6 +90,9 @@ rm -f %{xemacs_lisp_path}/xcscope.el rm -f %{emacs_lisp_path}/xcscope.el %changelog +* Fri Jun 23 2006 Neil Horman +- Fix putstring overflow (bz 189666) + * Fri May 5 2006 Neil Horman - Adding fix to put SYSDIR in right location (bz190580)