Fix several important Covscan defects

- resolves: #1938735
2021-10-11 10:25:05 +02:00 · 2021-10-11 10:25:05 +02:00 · c236c5e30b
commit c236c5e30b
parent 35788592bf
4 changed files with 105 additions and 1 deletions
--- a/0006-xtotroff-Avoid-overrunning-buffer-write.patch
+++ b/0006-xtotroff-Avoid-overrunning-buffer-write.patch
@ -0,0 +1,46 @@
+From 1fce38a3b2dc10c5bdd2c9f97c08c66dce7f0a95 Mon Sep 17 00:00:00 2001
+From: "G. Branden Robinson" <g.branden.robinson@gmail.com>
+Date: Tue, 1 Dec 2020 16:37:16 +1100
+Subject: [PATCH 6/7] [xtotroff]: Avoid overrunning buffer write.
+
+* src/utils/xtotroff/xtotroff.c (MapFont): Avoid writing past
+  the end of a static buffer.  Problem found and patch supplied by
+  Bjarni Ingi Gislason.  I tweaked it to comment it differently (in case
+  the buffer ever needs to grow, but the prospects of future X11
+  server-side font rendering development seem dim) and use snprintf()
+  instead of retaining the existing sprintf().
+
+  Quiets warning: '%s' directive writing up to 255 bytes into a region
+  of size between 0 and 255 [-Wformat-overflow=].
+---
+ src/utils/xtotroff/xtotroff.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/utils/xtotroff/xtotroff.c b/src/utils/xtotroff/xtotroff.c
+index 8545a5e..aee2a1a 100644
+--- a/src/utils/xtotroff/xtotroff.c
+++ b/src/utils/xtotroff/xtotroff.c
+@@ -127,7 +127,9 @@ static int MapFont(char *font_name, const char *troff_name)
+   XFontName parsed;
+   int j, k;
+   DviCharNameMap *char_map;
+-  char encoding[256];
+  /* 'encoding' needs to hold a CharSetRegistry (256), a CharSetEncoding
+     (256) [both from XFontName.h], a dash, and a null terminator. */
+  char encoding[256 * 2 + 1 + 1];
+   char *s;
+   int wid;
+   char name_string[2048];
+@@ -156,7 +158,8 @@ static int MapFont(char *font_name, const char *troff_name)
+     return 0;
+ 
+   XParseFontName(names[0], &parsed, &attributes);
+-  sprintf(encoding, "%s-%s", parsed.CharSetRegistry,
+  size_t sz = sizeof encoding;
+  snprintf(encoding, sz, "%s-%s", parsed.CharSetRegistry,
+ 	  parsed.CharSetEncoding);
+   for (s = encoding; *s; s++)
+     if (isupper(*s))
+-- 
+2.32.0
+
--- a/0007-grohtml-Avoid-deallocation-of-static-strings.patch
+++ b/0007-grohtml-Avoid-deallocation-of-static-strings.patch
@ -0,0 +1,45 @@
+From a84f97f7dbeaf1ad0b3537c10e409dcf77baec52 Mon Sep 17 00:00:00 2001
+From: "G. Branden Robinson" <g.branden.robinson@gmail.com>
+Date: Sun, 23 May 2021 13:01:52 +1000
+Subject: [PATCH 7/7] [grohtml]: Avoid deallocation of static strings.
+
+* src/devices/grohtml/post-html.cpp (assert_state::add): Avoid potential
+  deallocation of statically-allocated strings.  Use strsave() to
+  duplicate them so that they can be safely handed to a_delete().  Also
+  update diagnostic message to report name of complaining program
+  (continuing the long process of fixing Savannah #52463).
+
+Fixes <https://savannah.gnu.org/bugs/index.php?60656>.  Thanks to
+Petru-Florin Mihancea for the report.
+
+Also wrap source lines at 72 columns.
+---
+ src/devices/grohtml/post-html.cpp | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/devices/grohtml/post-html.cpp b/src/devices/grohtml/post-html.cpp
+index 7bc017e..5218f92 100644
+--- a/src/devices/grohtml/post-html.cpp
+++ b/src/devices/grohtml/post-html.cpp
+@@ -1737,13 +1737,14 @@ void assert_state::add (assert_pos **h,
+     }
+     if (v == NULL || v[0] != '=') {
+       if (f == NULL)
+-	f = "stdin";
+	f = strsave("stdin");
+       if (l == NULL)
+-	l = "<none>";
+	l = strsave("<none>");
+       if (v == NULL)
+ 	v = "no value at all";
+-      fprintf(stderr, "%s:%s:error in assert format of id=%s expecting value to be prefixed with an '=' got %s\n",
+-	      f, l, i, v);
+      fprintf(stderr, "%s:%s:%s:error in assert format of id=%s;"
+	      " expecting value to be prefixed with an '=', got %s\n",
+	      program_name, f, l, i, v);
+     }
+     t->id = i;
+     t->val = v;
+-- 
+2.32.0
+
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/groff.spec
+++ b/groff.spec
@ -3,7 +3,7 @@
 Summary: A document formatting system
 Name: groff
 Version: 1.22.4
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv3+ and GFDL and BSD and MIT
 URL: http://www.gnu.org/software/groff/
 Source: ftp://ftp.gnu.org/gnu/groff/groff-%{version}.tar.gz
@ -17,6 +17,9 @@ Patch2: 0003-various-security-fixes.patch
 Patch3: 0004-don-t-use-usr-bin-env-in-shebang.patch
 # allow to specify custom docdir
 Patch4: 0005-do-not-overwrite-docdir.patch
+# resolves: #1938735
+Patch5: 0006-xtotroff-Avoid-overrunning-buffer-write.patch
+Patch6: 0007-grohtml-Avoid-deallocation-of-static-strings.patch

 Requires: coreutils, groff-base = %{version}-%{release}

@ -477,6 +480,10 @@ fi
 %doc %{_pkgdocdir}/pdf/

 %changelog
+* Mon Oct 11 2021 Nikola Forró <nforro@redhat.com> - 1.22.4-10
+- Fix several important Covscan defects
+  resolves: #1938735
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.22.4-9
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688