Fix crash during uncompression of zlib (RHBZ #1350252)
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
This commit is contained in:
Igor Gnatenko
Kamil Dudka
parent
85d63d0c52
commit
8744d9e814
39
file-5.28-compress-sigsegv.patch
Normal file
39
file-5.28-compress-sigsegv.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 62e28c9ee3a66f6401da0acd414eb07cd1bf8a4e Mon Sep 17 00:00:00 2001
|
||||
From: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
||||
Date: Mon, 27 Jun 2016 00:52:25 +0200
|
||||
Subject: [PATCH] compress: don't try to copy NULL string
|
||||
|
||||
In zlib there are few functions which can fail and set msg
|
||||
to NULL instead of some message.
|
||||
|
||||
if we pass NULL as source then strlcpy just crashes because it
|
||||
tries to dereference NULL-pointer so for error reporting when
|
||||
msg is NULL we will just convert rc to message via zError().
|
||||
|
||||
In case of RPM's usage inflate() was returning Z_NEED_DICT.
|
||||
|
||||
References: https://bugzilla.redhat.com/show_bug.cgi?id=1350252
|
||||
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
||||
---
|
||||
src/compress.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/compress.c b/src/compress.c
|
||||
index 1988fe7..6f6e967 100644
|
||||
--- a/src/compress.c
|
||||
+++ b/src/compress.c
|
||||
@@ -517,7 +517,10 @@ uncompresszlib(const unsigned char *old, unsigned char **newch,
|
||||
|
||||
return OKDATA;
|
||||
err:
|
||||
- strlcpy((char *)*newch, z.msg, bytes_max);
|
||||
+ if (z.msg != NULL)
|
||||
+ strlcpy((char *)*newch, z.msg, bytes_max);
|
||||
+ else
|
||||
+ strlcpy((char *)*newch, zError(rc), bytes_max);
|
||||
*n = strlen((char *)*newch);
|
||||
return ERRDATA;
|
||||
}
|
||||
--
|
||||
2.5.5
|
||||
|
||||
10
file.spec
10
file.spec
@ -5,7 +5,7 @@
|
||||
Summary: A utility for determining file types
|
||||
Name: file
|
||||
Version: 5.28
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: BSD
|
||||
Group: Applications/File
|
||||
Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz
|
||||
@ -25,6 +25,9 @@ Patch14: file-5.19-cafebabe.patch
|
||||
Patch15: file-5.22-awk-perl.patch
|
||||
Patch17: file-5.24-varied.patch
|
||||
|
||||
# https://github.com/file/file/pull/8
|
||||
Patch100: file-5.28-compress-sigsegv.patch
|
||||
|
||||
URL: http://www.darwinsys.com/file/
|
||||
Requires: file-libs = %{version}-%{release}
|
||||
BuildRequires: zlib-devel
|
||||
@ -97,6 +100,8 @@ file(1) command.
|
||||
%patch15 -p1
|
||||
%patch17 -p1
|
||||
|
||||
%patch100 -p1
|
||||
|
||||
# Patches can generate *.orig files, which can't stay in the magic dir,
|
||||
# otherwise there will be problems with compiling magic file!
|
||||
rm -fv magic/Magdir/*.orig
|
||||
@ -203,6 +208,9 @@ cd %{py3dir}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jun 27 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 5.28-2
|
||||
- Fix crash during uncompression of zlib (RHBZ #1350252)
|
||||
|
||||
* Fri Jun 24 2016 Kamil Dudka <kdudka@redhat.com> - 5.28-1
|
||||
- update to new version 5.28
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user