fixing bz 189666
parent
a0b06dac5a
commit
1da091620f
280
cscope-15.5-putstring-overflow.patch
Normal file
280
cscope-15.5-putstring-overflow.patch
Normal file
@ -0,0 +1,280 @@
|
|||||||
|
--- cscope-15.5/src/find.c.stack 2006-06-23 16:00:34.000000000 -0400
|
||||||
|
+++ cscope-15.5/src/find.c 2006-06-23 16:00:47.000000000 -0400
|
||||||
|
@@ -184,7 +184,7 @@ find_symbol_or_assignment(char *pattern,
|
||||||
|
|
||||||
|
(void) scanpast('\t'); /* find the end of the header */
|
||||||
|
skiprefchar(); /* skip the file marker */
|
||||||
|
- putstring(file); /* save the file name */
|
||||||
|
+ putstring(file, PATHLEN); /* save the file name */
|
||||||
|
(void) strcpy(function, global);/* set the dummy global function name */
|
||||||
|
(void) strcpy(macro, global);/* set the dummy global macro name */
|
||||||
|
|
||||||
|
@@ -216,7 +216,7 @@ find_symbol_or_assignment(char *pattern,
|
||||||
|
|
||||||
|
/* save the name */
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(file);
|
||||||
|
+ putstring(file, PATHLEN);
|
||||||
|
|
||||||
|
/* check for the end of the symbols */
|
||||||
|
if (*file == '\0') {
|
||||||
|
@@ -255,7 +255,7 @@ find_symbol_or_assignment(char *pattern,
|
||||||
|
}
|
||||||
|
/* save the name */
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(s);
|
||||||
|
+ putstring(s, PATHLEN);
|
||||||
|
|
||||||
|
/* see if this is a regular expression pattern */
|
||||||
|
if (isregexp_valid == YES) {
|
||||||
|
@@ -293,7 +293,7 @@ find_symbol_or_assignment(char *pattern,
|
||||||
|
|
||||||
|
if (isalpha((unsigned char)firstchar) || firstchar == '_') {
|
||||||
|
blockp = cp;
|
||||||
|
- putstring(symbol);
|
||||||
|
+ putstring(symbol, PATHLEN);
|
||||||
|
if (caseless == YES) {
|
||||||
|
s = lcasify(symbol); /* point to lower case version */
|
||||||
|
}
|
||||||
|
@@ -382,7 +382,7 @@ finddef(char *pattern)
|
||||||
|
|
||||||
|
case NEWFILE:
|
||||||
|
skiprefchar(); /* save file name */
|
||||||
|
- putstring(file);
|
||||||
|
+ putstring(file, PATHLEN);
|
||||||
|
if (*file == '\0') { /* if end of symbols */
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
@@ -412,21 +412,36 @@ finddef(char *pattern)
|
||||||
|
}
|
||||||
|
/* find all function definitions (used by samuel only) */
|
||||||
|
|
||||||
|
+static void blow_up(int line)
|
||||||
|
+{
|
||||||
|
+ fprintf(stderr,"STACK CORRUPTION AT %d\n",line);
|
||||||
|
+ abort();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#define CHECK_STACK() do { if(test != (unsigned int)&test) {\
|
||||||
|
+blow_up(__LINE__);\
|
||||||
|
+}} while(0)
|
||||||
|
+
|
||||||
|
char *
|
||||||
|
findallfcns(char *dummy)
|
||||||
|
{
|
||||||
|
+ volatile unsigned int test = 0;
|
||||||
|
char file[PATHLEN + 1]; /* source file name */
|
||||||
|
char function[PATLEN + 1]; /* function name */
|
||||||
|
-
|
||||||
|
+ char oldblockp;
|
||||||
|
(void) dummy; /* unused argument */
|
||||||
|
|
||||||
|
/* find the next file name or definition */
|
||||||
|
+ test = (unsigned int)&test;
|
||||||
|
while (scanpast('\t') != NULL) {
|
||||||
|
+ CHECK_STACK();
|
||||||
|
+ oldblockp=*blockp;
|
||||||
|
switch (*blockp) {
|
||||||
|
|
||||||
|
case NEWFILE:
|
||||||
|
skiprefchar(); /* save file name */
|
||||||
|
- putstring(file);
|
||||||
|
+ putstring(file, PATHLEN);
|
||||||
|
+ CHECK_STACK();
|
||||||
|
if (*file == '\0') { /* if end of symbols */
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
@@ -440,8 +455,7 @@ findallfcns(char *dummy)
|
||||||
|
case FCNDEF:
|
||||||
|
case CLASSDEF:
|
||||||
|
skiprefchar(); /* save function name */
|
||||||
|
- putstring(function);
|
||||||
|
-
|
||||||
|
+ putstring(function, PATHLEN);
|
||||||
|
/* output the file, function and source line */
|
||||||
|
putref(0, file, function);
|
||||||
|
break;
|
||||||
|
@@ -483,7 +497,7 @@ findcalling(char *pattern)
|
||||||
|
|
||||||
|
case NEWFILE: /* save file name */
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(file);
|
||||||
|
+ putstring(file, PATHLEN);
|
||||||
|
if (*file == '\0') { /* if end of symbols */
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
@@ -494,7 +508,7 @@ findcalling(char *pattern)
|
||||||
|
case DEFINE: /* could be a macro */
|
||||||
|
if (fileversion >= 10) {
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(macro);
|
||||||
|
+ putstring(macro, PATHLEN);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
@@ -504,7 +518,7 @@ findcalling(char *pattern)
|
||||||
|
|
||||||
|
case FCNDEF: /* save calling function name */
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(function);
|
||||||
|
+ putstring(function, PATHLEN);
|
||||||
|
for (i = 0; i < morefuns; i++)
|
||||||
|
if ( !strcmp(tmpfunc[i], function) )
|
||||||
|
break;
|
||||||
|
@@ -639,7 +653,7 @@ findinclude(char *pattern)
|
||||||
|
|
||||||
|
case NEWFILE: /* save file name */
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(file);
|
||||||
|
+ putstring(file, PATHLEN);
|
||||||
|
if (*file == '\0') { /* if end of symbols */
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
@@ -790,7 +804,7 @@ match(void)
|
||||||
|
|
||||||
|
/* see if this is a regular expression pattern */
|
||||||
|
if (isregexp_valid == YES) {
|
||||||
|
- putstring(string);
|
||||||
|
+ putstring(string, PATHLEN);
|
||||||
|
if (*string == '\0') {
|
||||||
|
return(NO);
|
||||||
|
}
|
||||||
|
@@ -940,26 +954,29 @@ putline(FILE *output)
|
||||||
|
/* put the rest of the cross-reference line into the string */
|
||||||
|
|
||||||
|
void
|
||||||
|
-putstring(char *s)
|
||||||
|
+putstring(char *s, int length)
|
||||||
|
{
|
||||||
|
char *cp;
|
||||||
|
unsigned c;
|
||||||
|
-
|
||||||
|
+ int i=0;
|
||||||
|
setmark('\n');
|
||||||
|
cp = blockp;
|
||||||
|
do {
|
||||||
|
- while ((c = (unsigned)(*cp)) != '\n') {
|
||||||
|
+ while (((c = (unsigned)(*cp)) != '\n') && (i<length)) {
|
||||||
|
if (c > '\177') {
|
||||||
|
c &= 0177;
|
||||||
|
*s++ = dichar1[c / 8];
|
||||||
|
*s++ = dichar2[c & 7];
|
||||||
|
+ i+=2;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
*s++ = c;
|
||||||
|
+ i++;
|
||||||
|
}
|
||||||
|
++cp;
|
||||||
|
}
|
||||||
|
- } while (*(cp + 1) == '\0' && (cp = readblock()) != NULL);
|
||||||
|
+ } while (((*(cp + 1) == '\0' && (cp = readblock()) != NULL)) &&
|
||||||
|
+ (i < length));
|
||||||
|
blockp = cp;
|
||||||
|
*s = '\0';
|
||||||
|
}
|
||||||
|
@@ -1059,7 +1076,7 @@ findcalledby(char *pattern)
|
||||||
|
|
||||||
|
case NEWFILE:
|
||||||
|
skiprefchar(); /* save file name */
|
||||||
|
- putstring(file);
|
||||||
|
+ putstring(file, PATHLEN);
|
||||||
|
if (*file == '\0') { /* if end of symbols */
|
||||||
|
return(&found_caller);
|
||||||
|
}
|
||||||
|
@@ -1194,7 +1211,7 @@ putpostingref(POSTING *p, char *pat)
|
||||||
|
if (p->type == FCNDEF) { /* need to find the function name */
|
||||||
|
if (dbseek(p->lineoffset) != -1) {
|
||||||
|
scanpast(FCNDEF);
|
||||||
|
- putstring(function);
|
||||||
|
+ putstring(function, PATHLEN);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (p->type != FCNCALL) {
|
||||||
|
@@ -1203,7 +1220,7 @@ putpostingref(POSTING *p, char *pat)
|
||||||
|
}
|
||||||
|
else if (p->fcnoffset != lastfcnoffset) {
|
||||||
|
if (dbseek(p->fcnoffset) != -1) {
|
||||||
|
- putstring(function);
|
||||||
|
+ putstring(function, PATHLEN);
|
||||||
|
lastfcnoffset = p->fcnoffset;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--- cscope-15.5/src/global.h.stack 2006-06-23 16:01:31.000000000 -0400
|
||||||
|
+++ cscope-15.5/src/global.h 2006-06-23 16:02:55.000000000 -0400
|
||||||
|
@@ -370,7 +370,7 @@ void postmsg(char *msg);
|
||||||
|
void postmsg2(char *msg);
|
||||||
|
void posterr(char *msg,...);
|
||||||
|
void putposting(char *term, int type);
|
||||||
|
-void putstring(char *s);
|
||||||
|
+void putstring(char *s, int length);
|
||||||
|
void resetcmd(void);
|
||||||
|
void seekline(int line);
|
||||||
|
void setfield(void);
|
||||||
|
--- cscope-15.5/src/build.c.stack 2003-03-05 05:43:59.000000000 -0500
|
||||||
|
+++ cscope-15.5/src/build.c 2006-06-23 16:00:47.000000000 -0400
|
||||||
|
@@ -82,7 +82,7 @@ static void copyinverted(void);
|
||||||
|
static char *getoldfile(void);
|
||||||
|
static void movefile(char *new, char *old);
|
||||||
|
static void putheader(char *dir);
|
||||||
|
-static void putinclude(char *s);
|
||||||
|
+static void putinclude(char *s, int len);
|
||||||
|
static void putlist(char **names, int count);
|
||||||
|
static BOOL samelist(FILE *oldrefs, char **names, int count);
|
||||||
|
|
||||||
|
@@ -512,7 +512,7 @@ getoldfile(void)
|
||||||
|
do {
|
||||||
|
if (*blockp == NEWFILE) {
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(file);
|
||||||
|
+ putstring(file, PATHLEN);
|
||||||
|
if (file[0] != '\0') { /* if not end-of-crossref */
|
||||||
|
return(file);
|
||||||
|
}
|
||||||
|
@@ -614,7 +614,7 @@ copydata(void)
|
||||||
|
/* look for an #included file */
|
||||||
|
if (*cp == INCLUDE) {
|
||||||
|
blockp = cp;
|
||||||
|
- putinclude(symbol);
|
||||||
|
+ putinclude(symbol, PATHLEN);
|
||||||
|
writestring(symbol);
|
||||||
|
setmark('\t');
|
||||||
|
cp = blockp;
|
||||||
|
@@ -666,12 +666,12 @@ copyinverted(void)
|
||||||
|
case NEWFILE: /* file name */
|
||||||
|
return;
|
||||||
|
case INCLUDE: /* #included file */
|
||||||
|
- putinclude(symbol);
|
||||||
|
+ putinclude(symbol, PATHLEN);
|
||||||
|
goto output;
|
||||||
|
}
|
||||||
|
dbputc(type);
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(symbol);
|
||||||
|
+ putstring(symbol, PATHLEN);
|
||||||
|
goto output;
|
||||||
|
}
|
||||||
|
c = *cp;
|
||||||
|
@@ -681,7 +681,7 @@ copyinverted(void)
|
||||||
|
/* if this is a symbol */
|
||||||
|
if (isalpha((unsigned char)c) || c == '_') {
|
||||||
|
blockp = cp;
|
||||||
|
- putstring(symbol);
|
||||||
|
+ putstring(symbol, PATHLEN);
|
||||||
|
type = ' ';
|
||||||
|
output:
|
||||||
|
putposting(symbol, type);
|
||||||
|
@@ -712,11 +712,11 @@ movefile(char *new, char *old)
|
||||||
|
/* process the #included file in the old database */
|
||||||
|
|
||||||
|
static void
|
||||||
|
-putinclude(char *s)
|
||||||
|
+putinclude(char *s, int len)
|
||||||
|
{
|
||||||
|
dbputc(INCLUDE);
|
||||||
|
skiprefchar();
|
||||||
|
- putstring(s);
|
||||||
|
+ putstring(s, len);
|
||||||
|
incfile(s + 1, s);
|
||||||
|
}
|
||||||
|
|
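Review bot: The new bound in putstring() still allows a write past the destination. The inner loop tests `i < length` once per input character, but the `c > '\177'` branch stores two bytes, so with `i == length - 1` it writes `s[length]` and the closing `*s = '\0'` lands on `s[length + 1]`, one byte beyond a `char file[PATHLEN + 1]` buffer called with `PATHLEN`. Checking the room needed before each store, as in the fence below, closes that gap. Every caller also passes `PATHLEN`, even where the destination is declared with a different constant (`function[PATLEN + 1]` in findallfcns) or its declaration is not visible in the hunk (`symbol`, `macro`, `string`), so the limit should come from each buffer, e.g. `sizeof(function) - 1`. The `blow_up()`/`CHECK_STACK()` canary, `test` and the never-read `oldblockp` look like debugging scaffolding and should be dropped before this ships; the `(unsigned int)&test` cast also truncates the address on 64-bit targets.

```c
putstring(char *s, int length)
{
	/* … unchanged: cp, c and i declarations … */
	int	full = 0;	/* set when the next character would not fit */

	/* … unchanged: setmark('\n'); cp = blockp; … */
	do {
		while ((c = (unsigned)(*cp)) != '\n') {
			/* a compressed character expands to two output bytes */
			int need = (c > '\177') ? 2 : 1;

			if (i + need > length) {
				full = 1;
				break;
			}
			/* … unchanged: dicode expansion / plain copy, i update, ++cp … */
		}
	} while (!full && *(cp + 1) == '\0' && (cp = readblock()) != NULL);
	/* … unchanged: blockp = cp; *s = '\0'; … */
```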
@ -22,6 +22,7 @@ Patch5:cscope-15.5-resize.patch
|
|||||||
Patch6:cscope-15.5-tempsec.patch
|
Patch6:cscope-15.5-tempsec.patch
|
||||||
Patch7:cscope-15.5-inv-overflow.patch
|
Patch7:cscope-15.5-inv-overflow.patch
|
||||||
Patch8:cscope-15.5-ocs-sysdir.patch
|
Patch8:cscope-15.5-ocs-sysdir.patch
|
||||||
|
Patch9:cscope-15.5-putstring-overflow.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
cscope is a mature, ncurses based, C source code tree browsing tool. It
|
cscope is a mature, ncurses based, C source code tree browsing tool. It
|
||||||
@ -89,6 +90,9 @@ rm -f %{xemacs_lisp_path}/xcscope.el
|
|||||||
rm -f %{emacs_lisp_path}/xcscope.el
|
rm -f %{emacs_lisp_path}/xcscope.el
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 23 2006 Neil Horman <nhorman@redhat.com>
|
||||||
|
- Fix putstring overflow (bz 189666)
|
||||||
|
|
||||||
* Fri May 5 2006 Neil Horman <nhorman@redhat.com>
|
* Fri May 5 2006 Neil Horman <nhorman@redhat.com>
|
||||||
- Adding fix to put SYSDIR in right location (bz190580)
|
- Adding fix to put SYSDIR in right location (bz190580)
|
||||||
|
|
||||||
|
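Review bot: `Patch9` is declared here, but nothing in the visible hunks applies it. The two hunk headers (`-22,6 +22,7` and `-89,6 +90,9`) account for every added line, and none of them is a `%patch9` entry in `%prep`. Unless the spec applies patches by some mechanism not shown on this page, the putstring fix is packaged but never applied to the build, while the changelog records bz 189666 as fixed. Add the matching line next to the existing `%patchN` entries, e.g. `%patch9 -p1 -b .stack` (strip level and backup suffix inferred from the `cscope-15.5/src/find.c.stack` paths in the patch; confirm against the other entries).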