fixing bz 189666

This commit is contained in:
Neil Horman 2006-06-23 20:08:00 +00:00
parent a0b06dac5a
commit 1da091620f
2 changed files with 284 additions and 0 deletions

View File

@ -0,0 +1,280 @@
--- cscope-15.5/src/find.c.stack 2006-06-23 16:00:34.000000000 -0400
+++ cscope-15.5/src/find.c 2006-06-23 16:00:47.000000000 -0400
@@ -184,7 +184,7 @@ find_symbol_or_assignment(char *pattern,
(void) scanpast('\t'); /* find the end of the header */
skiprefchar(); /* skip the file marker */
- putstring(file); /* save the file name */
+ putstring(file, PATHLEN); /* save the file name */
(void) strcpy(function, global);/* set the dummy global function name */
(void) strcpy(macro, global);/* set the dummy global macro name */
@@ -216,7 +216,7 @@ find_symbol_or_assignment(char *pattern,
/* save the name */
skiprefchar();
- putstring(file);
+ putstring(file, PATHLEN);
/* check for the end of the symbols */
if (*file == '\0') {
@@ -255,7 +255,7 @@ find_symbol_or_assignment(char *pattern,
}
/* save the name */
skiprefchar();
- putstring(s);
+ putstring(s, PATHLEN);
/* see if this is a regular expression pattern */
if (isregexp_valid == YES) {
@@ -293,7 +293,7 @@ find_symbol_or_assignment(char *pattern,
if (isalpha((unsigned char)firstchar) || firstchar == '_') {
blockp = cp;
- putstring(symbol);
+ putstring(symbol, PATHLEN);
if (caseless == YES) {
s = lcasify(symbol); /* point to lower case version */
}
@@ -382,7 +382,7 @@ finddef(char *pattern)
case NEWFILE:
skiprefchar(); /* save file name */
- putstring(file);
+ putstring(file, PATHLEN);
if (*file == '\0') { /* if end of symbols */
return NULL;
}
@@ -412,21 +412,36 @@ finddef(char *pattern)
}
/* find all function definitions (used by samuel only) */
+static void blow_up(int line)
+{
+ fprintf(stderr,"STACK CORRUPTION AT %d\n",line);
+ abort();
+}
+
+#define CHECK_STACK() do { if(test != (unsigned int)&test) {\
+blow_up(__LINE__);\
+}} while(0)
+
char *
findallfcns(char *dummy)
{
+ volatile unsigned int test = 0;
char file[PATHLEN + 1]; /* source file name */
char function[PATLEN + 1]; /* function name */
-
+ char oldblockp;
(void) dummy; /* unused argument */
/* find the next file name or definition */
+ test = (unsigned int)&test;
while (scanpast('\t') != NULL) {
+ CHECK_STACK();
+ oldblockp=*blockp;
switch (*blockp) {
case NEWFILE:
skiprefchar(); /* save file name */
- putstring(file);
+ putstring(file, PATHLEN);
+ CHECK_STACK();
if (*file == '\0') { /* if end of symbols */
return NULL;
}
@@ -440,8 +455,7 @@ findallfcns(char *dummy)
case FCNDEF:
case CLASSDEF:
skiprefchar(); /* save function name */
- putstring(function);
-
+ putstring(function, PATHLEN);
/* output the file, function and source line */
putref(0, file, function);
break;
@@ -483,7 +497,7 @@ findcalling(char *pattern)
case NEWFILE: /* save file name */
skiprefchar();
- putstring(file);
+ putstring(file, PATHLEN);
if (*file == '\0') { /* if end of symbols */
return NULL;
}
@@ -494,7 +508,7 @@ findcalling(char *pattern)
case DEFINE: /* could be a macro */
if (fileversion >= 10) {
skiprefchar();
- putstring(macro);
+ putstring(macro, PATHLEN);
}
break;
@@ -504,7 +518,7 @@ findcalling(char *pattern)
case FCNDEF: /* save calling function name */
skiprefchar();
- putstring(function);
+ putstring(function, PATHLEN);
for (i = 0; i < morefuns; i++)
if ( !strcmp(tmpfunc[i], function) )
break;
@@ -639,7 +653,7 @@ findinclude(char *pattern)
case NEWFILE: /* save file name */
skiprefchar();
- putstring(file);
+ putstring(file, PATHLEN);
if (*file == '\0') { /* if end of symbols */
return NULL;
}
@@ -790,7 +804,7 @@ match(void)
/* see if this is a regular expression pattern */
if (isregexp_valid == YES) {
- putstring(string);
+ putstring(string, PATHLEN);
if (*string == '\0') {
return(NO);
}
@@ -940,26 +954,29 @@ putline(FILE *output)
/* put the rest of the cross-reference line into the string */
void
-putstring(char *s)
+putstring(char *s, int length)
{
char *cp;
unsigned c;
-
+ int i=0;
setmark('\n');
cp = blockp;
do {
- while ((c = (unsigned)(*cp)) != '\n') {
+ while (((c = (unsigned)(*cp)) != '\n') && (i<length)) {
if (c > '\177') {
c &= 0177;
*s++ = dichar1[c / 8];
*s++ = dichar2[c & 7];
+ i+=2;
}
else {
*s++ = c;
+ i++;
}
++cp;
}
- } while (*(cp + 1) == '\0' && (cp = readblock()) != NULL);
+ } while (((*(cp + 1) == '\0' && (cp = readblock()) != NULL)) &&
+ (i < length));
blockp = cp;
*s = '\0';
}
@@ -1059,7 +1076,7 @@ findcalledby(char *pattern)
case NEWFILE:
skiprefchar(); /* save file name */
- putstring(file);
+ putstring(file, PATHLEN);
if (*file == '\0') { /* if end of symbols */
return(&found_caller);
}
@@ -1194,7 +1211,7 @@ putpostingref(POSTING *p, char *pat)
if (p->type == FCNDEF) { /* need to find the function name */
if (dbseek(p->lineoffset) != -1) {
scanpast(FCNDEF);
- putstring(function);
+ putstring(function, PATHLEN);
}
}
else if (p->type != FCNCALL) {
@@ -1203,7 +1220,7 @@ putpostingref(POSTING *p, char *pat)
}
else if (p->fcnoffset != lastfcnoffset) {
if (dbseek(p->fcnoffset) != -1) {
- putstring(function);
+ putstring(function, PATHLEN);
lastfcnoffset = p->fcnoffset;
}
}
--- cscope-15.5/src/global.h.stack 2006-06-23 16:01:31.000000000 -0400
+++ cscope-15.5/src/global.h 2006-06-23 16:02:55.000000000 -0400
@@ -370,7 +370,7 @@ void postmsg(char *msg);
void postmsg2(char *msg);
void posterr(char *msg,...);
void putposting(char *term, int type);
-void putstring(char *s);
+void putstring(char *s, int length);
void resetcmd(void);
void seekline(int line);
void setfield(void);
--- cscope-15.5/src/build.c.stack 2003-03-05 05:43:59.000000000 -0500
+++ cscope-15.5/src/build.c 2006-06-23 16:00:47.000000000 -0400
@@ -82,7 +82,7 @@ static void copyinverted(void);
static char *getoldfile(void);
static void movefile(char *new, char *old);
static void putheader(char *dir);
-static void putinclude(char *s);
+static void putinclude(char *s, int len);
static void putlist(char **names, int count);
static BOOL samelist(FILE *oldrefs, char **names, int count);
@@ -512,7 +512,7 @@ getoldfile(void)
do {
if (*blockp == NEWFILE) {
skiprefchar();
- putstring(file);
+ putstring(file, PATHLEN);
if (file[0] != '\0') { /* if not end-of-crossref */
return(file);
}
@@ -614,7 +614,7 @@ copydata(void)
/* look for an #included file */
if (*cp == INCLUDE) {
blockp = cp;
- putinclude(symbol);
+ putinclude(symbol, PATHLEN);
writestring(symbol);
setmark('\t');
cp = blockp;
@@ -666,12 +666,12 @@ copyinverted(void)
case NEWFILE: /* file name */
return;
case INCLUDE: /* #included file */
- putinclude(symbol);
+ putinclude(symbol, PATHLEN);
goto output;
}
dbputc(type);
skiprefchar();
- putstring(symbol);
+ putstring(symbol, PATHLEN);
goto output;
}
c = *cp;
@@ -681,7 +681,7 @@ copyinverted(void)
/* if this is a symbol */
if (isalpha((unsigned char)c) || c == '_') {
blockp = cp;
- putstring(symbol);
+ putstring(symbol, PATHLEN);
type = ' ';
output:
putposting(symbol, type);
@@ -712,11 +712,11 @@ movefile(char *new, char *old)
/* process the #included file in the old database */
static void
-putinclude(char *s)
+putinclude(char *s, int len)
{
dbputc(INCLUDE);
skiprefchar();
- putstring(s);
+ putstring(s, len);
incfile(s + 1, s);
}

View File

@ -22,6 +22,7 @@ Patch5:cscope-15.5-resize.patch
Patch6:cscope-15.5-tempsec.patch Patch6:cscope-15.5-tempsec.patch
Patch7:cscope-15.5-inv-overflow.patch Patch7:cscope-15.5-inv-overflow.patch
Patch8:cscope-15.5-ocs-sysdir.patch Patch8:cscope-15.5-ocs-sysdir.patch
Patch9:cscope-15.5-putstring-overflow.patch
%description %description
cscope is a mature, ncurses based, C source code tree browsing tool. It cscope is a mature, ncurses based, C source code tree browsing tool. It
@ -89,6 +90,9 @@ rm -f %{xemacs_lisp_path}/xcscope.el
rm -f %{emacs_lisp_path}/xcscope.el rm -f %{emacs_lisp_path}/xcscope.el
%changelog %changelog
* Fri Jun 23 2006 Neil Horman <nhorman@redhat.com>
- Fix putstring overflow (bz 189666)
* Fri May 5 2006 Neil Horman <nhorman@redhat.com> * Fri May 5 2006 Neil Horman <nhorman@redhat.com>
- Adding fix to put SYSDIR in right location (bz190580) - Adding fix to put SYSDIR in right location (bz190580)