Compare commits
No commits in common. "c8-beta" and "c8" have entirely different histories.
@ -0,0 +1,115 @@
|
||||
From 4077146f8a49eeb0fc0c01ef45398aaca53bc958 Mon Sep 17 00:00:00 2001
|
||||
From: Wim Taymans <wtaymans@redhat.com>
|
||||
Date: Wed, 31 Jul 2024 11:12:48 +0200
|
||||
Subject: [PATCH] Use vasprintf() if available for error messages and otherwise
|
||||
vsnprintf()
|
||||
|
||||
vasprintf() is a GNU/BSD extension and would allocate as much memory as required
|
||||
on the heap, similar to g_strdup_printf(). It's ridiculous that such a function
|
||||
is still not provided as part of standard C.
|
||||
|
||||
If it's not available, use vsnprintf() to at least avoid stack/heap buffer
|
||||
overflows, which can lead to arbitrary code execution.
|
||||
|
||||
Thanks to Noriko Totsuka for reporting.
|
||||
|
||||
Fixes JVN#02030803 / JPCERT#92912620 / CVE-2024-40897
|
||||
Fixes #69
|
||||
|
||||
Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/191>
|
||||
---
|
||||
configure.ac | 1 +
|
||||
meson.build | 1 +
|
||||
orc/orccompiler.c | 6 +++++-
|
||||
orc/orcparse.c | 18 +++++++++++++++---
|
||||
4 files changed, 22 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index bdf89a6..0dd7d7a 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -64,6 +64,7 @@ AC_CHECK_HEADERS([inttypes.h])
|
||||
AC_CHECK_HEADERS([sys/time.h])
|
||||
AC_CHECK_HEADERS([unistd.h])
|
||||
|
||||
+AC_CHECK_FUNCS([vasprintf])
|
||||
AC_CHECK_FUNCS([gettimeofday])
|
||||
AC_CHECK_FUNCS([sigaction])
|
||||
AC_CHECK_FUNCS([sigsetjmp])
|
||||
diff --git a/meson.build b/meson.build
|
||||
index 32f6492..ec085f0 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -97,6 +97,7 @@ int main() {
|
||||
'''
|
||||
cdata.set('HAVE_MONOTONIC_CLOCK', cc.compiles(monotonic_test))
|
||||
cdata.set('HAVE_GETTIMEOFDAY', cc.has_function('gettimeofday'))
|
||||
+cdata.set('HAVE_VASPRINTF', cc.has_function('vasprintf'))
|
||||
cdata.set('HAVE_POSIX_MEMALIGN', cc.has_function('posix_memalign'))
|
||||
cdata.set('HAVE_MMAP', cc.has_function('mmap'))
|
||||
|
||||
diff --git a/orc/orccompiler.c b/orc/orccompiler.c
|
||||
index 57c3ea4..6c16816 100644
|
||||
--- a/orc/orccompiler.c
|
||||
+++ b/orc/orccompiler.c
|
||||
@@ -1207,8 +1207,12 @@ orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
|
||||
|
||||
if (compiler->error_msg) return;
|
||||
|
||||
+#ifdef HAVE_VASPRINTF
|
||||
+ vasprintf (&s, fmt, args);
|
||||
+#else
|
||||
s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
|
||||
- vsprintf (s, fmt, args);
|
||||
+ vsnprintf (s, ORC_COMPILER_ERROR_BUFFER_SIZE, fmt, args);
|
||||
+#endif
|
||||
compiler->error_msg = s;
|
||||
compiler->error = TRUE;
|
||||
compiler->result = ORC_COMPILE_RESULT_UNKNOWN_COMPILE;
|
||||
diff --git a/orc/orcparse.c b/orc/orcparse.c
|
||||
index f46b0be..56a9c3a 100644
|
||||
--- a/orc/orcparse.c
|
||||
+++ b/orc/orcparse.c
|
||||
@@ -401,9 +401,13 @@ opcode_arg_size (OrcStaticOpcode *opcode, int arg)
|
||||
static void
|
||||
orc_parse_log_valist (OrcParser *parser, const char *format, va_list args)
|
||||
{
|
||||
- char s[100];
|
||||
+#ifdef HAVE_VASPRINTF
|
||||
+ char *s;
|
||||
+#else
|
||||
+ char s[100] = { '\0' };
|
||||
+#endif
|
||||
int len;
|
||||
-
|
||||
+
|
||||
if (parser->error_program != parser->program) {
|
||||
sprintf(s, "In function %s:\n", parser->program->name);
|
||||
len = strlen(s);
|
||||
@@ -418,7 +422,11 @@ orc_parse_log_valist (OrcParser *parser, const char *format, va_list args)
|
||||
parser->error_program = parser->program;
|
||||
}
|
||||
|
||||
- vsprintf(s, format, args);
|
||||
+#ifdef HAVE_VASPRINTF
|
||||
+ vasprintf (&s, format, args);
|
||||
+#else
|
||||
+ vsnprintf (s, sizeof (s), format, args);
|
||||
+#endif
|
||||
len = strlen(s);
|
||||
|
||||
if (parser->log_size + len + 1 >= parser->log_alloc) {
|
||||
@@ -428,6 +436,10 @@ orc_parse_log_valist (OrcParser *parser, const char *format, va_list args)
|
||||
|
||||
strcpy (parser->log + parser->log_size, s);
|
||||
parser->log_size += len;
|
||||
+
|
||||
+#ifdef HAVE_VASPRINTF
|
||||
+ free (s);
|
||||
+#endif
|
||||
}
|
||||
|
||||
static void
|
||||
--
|
||||
2.45.2
|
||||
|
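Review bot: In the orc/orcparse.c part of this patch, the context line `sprintf(s, "In function %s:\n", parser->program->name);` is left as it was, so when HAVE_VASPRINTF is defined it writes through the uninitialised `char *s` declared just above it, and in the fallback build it is still an unbounded write of the program name into `char s[100]`. That header should be formatted into its own bounded buffer, for example `char hdr[100]; snprintf (hdr, sizeof (hdr), "In function %s:\n", parser->program->name);`, with the following `strlen` and the log append (outside the hunk) switched to that buffer. Both `vasprintf` calls also ignore the return value; on failure `s` may be left undefined, so the later `strlen(s)`, `free (s)` and `compiler->error_msg = s` would act on an indeterminate pointer, and the fallback `malloc` in orc_compiler_error_valist is likewise unchecked before `vsnprintf`. A guard such as `if (vasprintf (&s, format, args) < 0) return;` covers the first case. The body of orc_parse_log_valist between the two hunks is not shown here, so the header path needs checking against the full function.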
@ -1,6 +1,6 @@
|
||||
Name: orc
|
||||
Version: 0.4.28
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: The Oil Run-time Compiler
|
||||
|
||||
Group: System Environment/Libraries
|
||||
@ -10,6 +10,7 @@ Source0: http://gstreamer.freedesktop.org/src/orc/%{name}-%{version}.tar.xz
|
||||
|
||||
# upstream patches
|
||||
Patch0: 0001-x86-add-endbr32-and-endbr64-instructions.patch
|
||||
Patch1: 0001-Use-vasprintf-if-available-for-error-messages-and-ot.patch
|
||||
|
||||
BuildRequires: gtk-doc, libtool
|
||||
|
||||
@ -53,6 +54,7 @@ The Orc compiler, to produce optimized code.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
gtkdocize --copy
|
||||
NOCONFIGURE=1 autoreconf -vif
|
||||
|
||||
@ -105,6 +107,10 @@ make check
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jul 31 2024 Wim Taymans <wtaymans@redhat.com> 0.4.28-4
|
||||
- Add patch for CVE-2024-40897
|
||||
- Resolves: RHEL-50710
|
||||
|
||||
* Thu Sep 12 2019 Wim Taymans <wtaymans@redhat.com> 0.4.28-3
|
||||
- x86: add endbr32 and endbr64 instructions
|
||||
- Resolves: rhbz#1693292
|
||||
|