Fix fortify fail in gsd-color-manager.c (#714625)

2011-06-21 12:49:19 +02:00 · 2011-06-21 12:49:19 +02:00 · a3f21c1849
commit a3f21c1849
parent 817bbfa478
2 changed files with 89 additions and 1 deletions
--- a/gnome-settings-daemon-3.1.3-color-widestring.patch
+++ b/gnome-settings-daemon-3.1.3-color-widestring.patch
@ -0,0 +1,81 @@
+From ac60d0ae037096859cf452d074e9bd345974c786 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard@hughsie.com>
+Date: Mon, 20 Jun 2011 16:41:28 +0000
+Subject: color: Fix a potential buffer-overflow when converting to wide text
+
+Thanks to fortify protection, g-s-d fails to build for some distros.
+Copy the fix from Colin that went into colord a few days ago.
+---
+diff --git a/plugins/color/gsd-color-manager.c b/plugins/color/gsd-color-manager.c
+index 0b1c882..0391175 100644
+--- a/plugins/color/gsd-color-manager.c
+++ b/plugins/color/gsd-color-manager.c
+@@ -87,10 +87,10 @@ typedef struct {
+ GQuark
+ gsd_color_manager_error_quark (void)
+ {
+-	static GQuark quark = 0;
+-	if (!quark)
+-		quark = g_quark_from_static_string ("gsd_color_manager_error");
+-	return quark;
+        static GQuark quark = 0;
+        if (!quark)
+                quark = g_quark_from_static_string ("gsd_color_manager_error");
+        return quark;
+ }
+ 
+ static GcmEdid *
+@@ -492,17 +492,46 @@ out:
+ }
+ 
+ #ifdef HAVE_NEW_LCMS
+static wchar_t *
+utf8_to_wchar_t (const char *src)
+{
+        gsize len;
+        gsize converted;
+        wchar_t *buf = NULL;
+
+        len = mbstowcs (NULL, src, 0);
+        if (len < 0) {
+                g_warning ("Invalid UTF-8 in string %s", src);
+                goto out;
+        }
+        len += 1;
+        buf = g_malloc (sizeof (wchar_t) * len);
+        converted = mbstowcs (buf, src, len - 1);
+        g_assert (converted != -1);
+        buf[converted] = '\0';
+out:
+        return buf;
+}
+
+ static cmsBool
+ _cmsDictAddEntryAscii (cmsHANDLE dict,
+                        const gchar *key,
+                        const gchar *value)
+ {
+-        cmsBool ret;
+-        wchar_t mb_key[1024];
+-        wchar_t mb_value[1024];
+-        mbstowcs (mb_key, key, sizeof (mb_key));
+-        mbstowcs (mb_value, value, sizeof (mb_value));
+        cmsBool ret = FALSE;
+        wchar_t *mb_key = NULL;
+        wchar_t *mb_value = NULL;
+
+        mb_key = utf8_to_wchar_t (key);
+        if (mb_key == NULL)
+                goto out;
+        mb_value = utf8_to_wchar_t (value);
+        if (mb_value == NULL)
+                goto out;
+         ret = cmsDictAddEntry (dict, mb_key, mb_value, NULL, NULL);
+out:
+        g_free (mb_key);
+        g_free (mb_value);
+         return ret;
+ }
+ #endif /* HAVE_NEW_LCMS */
+--
+cgit v0.9
--- a/gnome-settings-daemon.spec
+++ b/gnome-settings-daemon.spec
@ -1,6 +1,6 @@
 Name:           gnome-settings-daemon
 Version:        3.1.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The daemon sharing settings from GNOME to GTK+/KDE applications

 Group:          System Environment/Daemons
@ -9,6 +9,9 @@ URL:            http://download.gnome.org/sources/%{name}
 #VCS: git:git://git.gnome.org/gnome-settings-daemon
 Source:         http://download.gnome.org/sources/%{name}/3.1/%{name}-%{version}.tar.xz

+# from upstream
+Patch0: gnome-settings-daemon-3.1.3-color-widestring.patch
+
 Requires(pre):    GConf2 >= 2.14
 Requires(preun):  GConf2 >= 2.14
 Requires(post):   GConf2 >= 2.14
@ -57,6 +60,7 @@ developing applications that use %{name}.

 %prep
 %setup -q
+%patch0 -p1 -b .color-wide

 # autoreconf -i -f

@ -210,6 +214,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 %{_datadir}/gnome-settings-daemon-3.0/input-device-example.sh

 %changelog
+* Tue Jun 21 2011 Tomas Bzatek <tbzatek@redhat.com> - 3.1.2-2
+- Fix fortify fail in gsd-color-manager.c (#714625)
+
 * Wed Jun 15 2011 Tomas Bzatek <tbzatek@redhat.com> - 3.1.2-1
 - Update to 3.1.2