From 6ae7ae07108233cc68af6c230d714cf279eca25a Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Thu, 11 Oct 2018 15:29:08 +0200 Subject: [PATCH] Fixed #1582675 - Patch can be crashed and coredumped with a trivial wrong command --- patch-2.7.6-git-style.patch | 70 +++++++++++++++++++++++++++++++++++++ patch.spec | 11 ++++-- 2 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 patch-2.7.6-git-style.patch diff --git a/patch-2.7.6-git-style.patch b/patch-2.7.6-git-style.patch new file mode 100644 index 0000000..eeee233 --- /dev/null +++ b/patch-2.7.6-git-style.patch @@ -0,0 +1,70 @@ +diff -up patch-2.7.6/src/patch.c.git-style patch-2.7.6/src/patch.c +--- patch-2.7.6/src/patch.c.git-style 2018-02-03 13:41:49.000000000 +0100 ++++ patch-2.7.6/src/patch.c 2018-10-11 15:01:08.709406802 +0200 +@@ -1938,8 +1938,12 @@ output_files (struct stat const *st) + { + gl_list_iterator_t iter; + const void *elt; ++ gl_list_t files; + +- iter = gl_list_iterator (files_to_output); ++ files = files_to_output; ++ init_files_to_output (); ++ ++ iter = gl_list_iterator (files); + while (gl_list_iterator_next (&iter, &elt, NULL)) + { + const struct file_to_output *file_to_output = elt; +@@ -1957,8 +1961,8 @@ output_files (struct stat const *st) + /* Free the list up to here. */ + for (;;) + { +- const void *elt2 = gl_list_get_at (files_to_output, 0); +- gl_list_remove_at (files_to_output, 0); ++ const void *elt2 = gl_list_get_at (files, 0); ++ gl_list_remove_at (files, 0); + if (elt == elt2) + break; + } +@@ -1967,7 +1971,7 @@ output_files (struct stat const *st) + } + } + gl_list_iterator_free (&iter); +- gl_list_clear (files_to_output); ++ gl_list_clear (files); + } + + /* Fatal exit with cleanup. */ +diff -up patch-2.7.6/tests/git-error.git-style patch-2.7.6/tests/git-error +--- patch-2.7.6/tests/git-error.git-style 2018-10-11 15:00:09.349200685 +0200 ++++ patch-2.7.6/tests/git-error 2018-10-11 15:00:09.349200685 +0200 +@@ -0,0 +1,29 @@ ++# Copyright (C) 2018 Free Software Foundation, Inc. ++# ++# Copying and distribution of this file, with or without modification, ++# in any medium, are permitted without royalty provided the copyright ++# notice and this notice are preserved. ++ ++. $srcdir/test-lib.sh ++ ++require cat ++use_local_patch ++use_tmpdir ++ ++cat > f.diff < - 2.7.6-7 +- Fixed #1582675 - Patch can be crashed and coredumped with a trivial wrong command + * Wed Aug 15 2018 Than Ngo - 2.7.6-6 - Fixed #1554752 - Double free of memory, CVE-2018-6952