checking in fix for bz 203651
parent
8c4d519bfc
commit
a13fed4d3b
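--- a/cscope-15.5-fscanf-overflows.patch
+++ b/cscope-15.5-fscanf-overflows.patch
@@ -0,0 +1,208 @@
+--- cscope-15.5/src/display.c.orig 2006-08-23 07:08:40.000000000 -0400
++++ cscope-15.5/src/display.c 2006-08-23 10:19:41.000000000 -0400
+@@ -217,7 +217,7 @@
+disprefs < mdisprefs && screenline <= lastdispline;
+++disprefs, ++screenline) {
+/* read the reference line */
+- if (fscanf(refsfound, "%s%s%s %[^\n]", file, function,
++ if (fscanf(refsfound, "%" PATHLEN_STR "s%" PATHLEN_STR "s%" NUMLEN_STR "s %" TEMPSTRING_LEN_STR "[^\n]", file, function,
+linenum, tempstring) < 4) {
+break;
+}
+--- cscope-15.5/src/input.c.orig 2006-08-23 07:08:40.000000000 -0400
++++ cscope-15.5/src/input.c 2006-08-23 10:57:01.000000000 -0400
+@@ -293,16 +293,15 @@
+/* if the login name is null, then use $HOME */
+if (*out == '\0') {
+v = getenv("HOME");
+- }
+- else { /* get the home directory of the login name */
++ } else { /* get the home directory of the login name */
+v = logdir(out);
+}
+- /* copy the directory name */
+- if (v != NULL) {
++ /* copy the directory name if it isn't too big */
++ if (v != NULL && strlen(v) < (lastchar - out)) {
+(void) strcpy(out - 1, v);
+out += strlen(v) - 1;
+- }
+- else { /* login not found, so ~ must be part of the file name */
++ } else {
++ /* login not found, so ~ must be part of the file name */
+out += strlen(out);
+}
+}
+@@ -322,11 +321,11 @@
+*s = '\0';
+
+/* get its value */
+- if ((v = getenv(out)) != NULL) {
++ if ((v = getenv(out)) != NULL && strlen(v) < (lastchar - out)) {
+(void) strcpy(out - 1, v);
+out += strlen(v) - 1;
+- }
+- else { /* var not found, so $ must be part of the file name */
++ } else {
++ /* var not found, so $ must be part of the file name */
+out += strlen(out);
+}
+}
+--- cscope-15.5/src/edit.c.orig 2001-07-18 09:49:01.000000000 -0400
++++ cscope-15.5/src/edit.c 2006-08-23 10:16:30.000000000 -0400
+@@ -60,7 +60,7 @@
+seekline(i + topline);
+
+/* get the file name and line number */
+- if (fscanf(refsfound, "%s%*s%s", file, linenum) == 2) {
++ if (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s", file, linenum) == 2) {
+edit(file, linenum); /* edit it */
+}
+seekline(topline); /* restore the line pointer */
+@@ -83,7 +83,7 @@
+seekline(1);
+
+/* get each file name and line number */
+- while (fscanf(refsfound, "%s%*s%s%*[^\n]", file, linenum) == 2) {
++ while (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", file, linenum) == 2) {
+edit(file, linenum); /* edit it */
+if (editallprompt == YES) {
+addstr("Type ^D to stop editing all lines, or any other character to continue: ");
+--- cscope-15.5/src/command.c.orig 2006-08-23 07:08:40.000000000 -0400
++++ cscope-15.5/src/command.c 2006-08-23 10:08:50.000000000 -0400
+@@ -727,7 +727,7 @@
+(void) fprintf(script, "ed - <<\\!\n");
+*oldfile = '\0';
+seekline(1);
+- for (i = 0; fscanf(refsfound, "%s%*s%s%*[^\n]", newfile, linenum) == 2;
++ for (i = 0; fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", newfile, linenum) == 2;
+++i) {
+/* see if the line is to be changed */
+if (change[i] == YES) {
+--- cscope-15.5/src/dir.c.orig 2003-06-02 06:43:00.000000000 -0400
++++ cscope-15.5/src/dir.c 2006-08-23 10:09:20.000000000 -0400
+@@ -319,7 +319,7 @@
+
+/* Parse whitespace-terminated strings in line: */
+point_in_line = line;
+- while (sscanf(point_in_line, "%s", path) == 1) {
++ while (sscanf(point_in_line, "%" PATHLEN_STR "s", path) == 1) {
+/* Have to store this length --- inviewpath() will
+* modify path, later! */
+length_of_name = strlen(path);
+--- cscope-15.5/src/main.c.orig 2006-08-23 07:08:40.000000000 -0400
++++ cscope-15.5/src/main.c 2006-08-23 11:26:48.000000000 -0400
+@@ -102,10 +102,10 @@
+#endif
+char temp1[PATHLEN + 1]; /* temporary file name */
+char temp2[PATHLEN + 1]; /* temporary file name */
+-char tempdirpv[PATHLEN +1]; /* private temp directory */
++char tempdirpv[PATHLEN + 1]; /* private temp directory */
+long totalterms; /* total inverted index terms */
+BOOL trun_syms; /* truncate symbols to 8 characters */
+-char tempstring[8192]; /* use this as a buffer, instead of 'yytext',
++char tempstring[TEMPSTRING_LEN + 1]; /* use this as a buffer, instead of 'yytext',
+* which had better be left alone */
+char *tmpdir; /* temporary directory */
+
+@@ -270,6 +270,13 @@
+s[11] = '\0';
+}
+#endif
++ if (strlen(reffile) > sizeof(path) - 1) {
++ char buffer[512];
++ sprintf(buffer,"cscope: reffile too long, cannot be > %d characters\n", sizeof(path) - 1);
++ postmsg(buffer);
++ myexit(1);
++ /* NOTREACHED */
++ }
+s = path + strlen(path);
+(void) strcpy(s, ".in");
+invname = stralloc(path);
+@@ -491,11 +498,11 @@
+|| (names = vpfopen(NAMEFILE, "r")) != NULL) {
+
+/* read any -p option from it */
+- while (fscanf(names, "%s", path) == 1 && *path == '-') {
++ while (fgets(path, sizeof(path), names) != NULL && *path == '-') {
+i = path[1];
+s = path + 2; /* for "-Ipath" */
+if (*s == '\0') { /* if "-I path" */
+- (void) fscanf(names, "%s", path);
++ fgets(path, sizeof(path), names);
+s = path;
+}
+switch (i) {
+@@ -512,7 +519,7 @@
+}
+else {
+for (i = 0; i < nsrcfiles; ++i) {
+- if (fscanf(oldrefs, "%s", path) != 1) {
++ if (!fgets(path, sizeof(path), oldrefs) ) {
+posterr("cscope: cannot read source file name from file %s\n", reffile);
+myexit(1);
+}
+--- cscope-15.5/src/constants.h.orig 2006-08-23 07:08:40.000000000 -0400
++++ cscope-15.5/src/constants.h 2006-08-23 10:16:30.000000000 -0400
+@@ -68,6 +68,7 @@
+#define NUMLEN 5 /* line number length */
+#define PATHLEN 250 /* file pathname length */
+#define PATLEN 250 /* symbol pattern length */
++#define TEMPSTRING_LEN 8191 /* max strlen() of the global temp string */
+#define REFFILE "cscope.out" /* cross-reference output file */
+#define NAMEFILE "cscope.files" /* default list-of-files file */
+#define INVNAME "cscope.in.out" /* inverted index to the database */
+@@ -77,6 +78,13 @@
+
+#define STMTMAX 10000 /* maximum source statement length */
+
++#define STR2(x) #x
++#define STRINGIZE(x) STR2(x)
++#define PATLEN_STR STRINGIZE(PATLEN)
++#define PATHLEN_STR STRINGIZE(PATHLEN)
++#define NUMLEN_STR STRINGIZE(NUMLEN)
++#define TEMPSTRING_LEN_STR STRINGIZE(TEMPSTRING_LEN)
++
+/* screen lines */
+#define FLDLINE (LINES - FIELDS - 1) /* first input field line */
+#define MSGLINE 0 /* message line */
+--- cscope-15.5/src/build.c.orig 2006-08-23 07:08:40.000000000 -0400
++++ cscope-15.5/src/build.c 2006-08-23 11:17:57.000000000 -0400
+@@ -115,7 +115,7 @@
+}
+/* see if the name list is the same */
+for (i = 0; i < count; ++i) {
+- if (fscanf(oldrefs, "%s", oldname) != 1 ||
++ if (! fgets(oldname, sizeof(oldname), oldrefs)||
+strnotequal(oldname, names[i])) {
+return(NO);
+}
+@@ -223,8 +223,8 @@
+/* if there is an old cross-reference and its current directory matches */
+/* or this is an unconditional build */
+if ((oldrefs = vpfopen(reffile, "rb")) != NULL && unconditional == NO &&
+- fscanf(oldrefs, "cscope %d %s", &fileversion, olddir) == 2 &&
+- (strcmp(olddir, currentdir) == 0 || /* remain compatible */
++ fscanf(oldrefs, "cscope %d %" PATHLEN_STR "s", &fileversion, olddir) == 2
++ && (strcmp(olddir, currentdir) == 0 || /* remain compatible */
+strcmp(olddir, newdir) == 0)) {
+/* get the cross-reference file's modification time */
+(void) fstat(fileno(oldrefs), &statstruct);
+@@ -292,7 +292,7 @@
+/* see if the list of source files is the same and
+none have been changed up to the included files */
+for (i = 0; i < nsrcfiles; ++i) {
+- if (fscanf(oldrefs, "%s", oldname) != 1 ||
++ if (! fgets(oldname, sizeof(oldname), oldrefs) ||
+strnotequal(oldname, srcfiles[i]) ||
+lstat(srcfiles[i], &statstruct) != 0 ||
+statstruct.st_mtime > reftime) {
+@@ -301,7 +301,7 @@
+}
+/* the old cross-reference is up-to-date */
+/* so get the list of included files */
+- while (i++ < oldnum && fscanf(oldrefs, "%s", oldname) == 1) {
++ while (i++ < oldnum && fgets(oldname, sizeof(oldname), oldrefs)) {
+addsrcfile(oldname);
+}
+(void) fclose(oldrefs);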
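Review bot: The `fgets()` calls that replace `fscanf(..., "%s", ...)` in the main.c and build.c hunks keep the trailing newline and read a whole line rather than one whitespace-delimited token, so `path` and `oldname` now end in `\n`. In build.c that string goes straight into `strnotequal(oldname, names[i])` and `addsrcfile(oldname)`, so, assuming the stored names carry no newline, the comparison would report a difference every time and included-file names would be registered with a newline attached; a line longer than the buffer is also silently split across two reads. Keeping the bounded conversion used in the rest of this patch avoids both, e.g. `if (fscanf(oldrefs, "%" PATHLEN_STR "s", oldname) != 1 ||` (provided `oldname` and `path` are at least `PATHLEN + 1` bytes, which is not visible here), or strip the terminator after each read with `oldname[strcspn(oldname, "\n")] = '\0';`. The second `fgets(path, sizeof(path), names);` in the `-I path` branch also leaves its return value unchecked, so a failed read would leave the previous `-I` text in `path`. Separately, the new `sprintf` in main.c passes `sizeof(path) - 1`, a `size_t`, to `%d`; use `%lu` with an `(unsigned long)` cast.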
@ -1,7 +1,7 @@
|
||||
Summary: C source code tree search and browse tool
|
||||
Name: cscope
|
||||
Version: 15.5
|
||||
Release: 14
|
||||
Release: 15%{dist}.1
|
||||
Source0: http://unc.dl.sourceforge.net/sourceforge/cscope/cscope-15.5.tar.gz
|
||||
URL: http://cscope.sourceforge.net
|
||||
License: BSD
|
||||
@ -23,6 +23,7 @@ Patch6:cscope-15.5-tempsec.patch
|
||||
Patch7:cscope-15.5-inv-overflow.patch
|
||||
Patch8:cscope-15.5-ocs-sysdir.patch
|
||||
Patch9:cscope-15.5-putstring-overflow.patch
|
||||
Patch10: cscope-15.5-fscanf-overflows.patch
|
||||
|
||||
%description
|
||||
cscope is a mature, ncurses based, C source code tree browsing tool. It
|
||||
@ -43,6 +44,7 @@ matches for use in file editing.
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
|
||||
%build
|
||||
%configure
|
||||
@ -91,6 +93,10 @@ rm -f %{xemacs_lisp_path}/xcscope.el
|
||||
rm -f %{emacs_lisp_path}/xcscope.el
|
||||
|
||||
%changelog
|
||||
* Wed Aug 23 2006 Neil Horman <nhorman@redhat.com> -15.5-15%{dist}.1
|
||||
- fixed overflows per bz 203651
|
||||
- start using %{dist} tag to make release numbering easier
|
||||
|
||||
* Mon Jul 17 2006 Jesse Keating <jkeating@redhat.com> - 15.5-14
|
||||
- rebuild
|
||||
|
||||
|