Fix a possible buffer overflow in transform_utf16_java()

This commit is contained in:
Petr Písař 2019-09-12 12:29:10 +02:00
parent 8c41ebb71d
commit 980edaa463
2 changed files with 48 additions and 0 deletions

View File

@ -0,0 +1,43 @@
From 3e566ca4b17814de8bc100e3edadbed6e539874f Mon Sep 17 00:00:00 2001
From: Reuben Thomas <rrt@sc3d.org>
Date: Wed, 11 Sep 2019 19:46:53 +0100
Subject: [PATCH] Fix a couple of potential buffer overflows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
src/java.c | 2 +-
src/testdump.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/java.c b/src/java.c
index 05367f1..4bb8bc9 100644
--- a/src/java.c
+++ b/src/java.c
@@ -88,7 +88,7 @@ transform_utf16_java (RECODE_SUBTASK subtask)
put_byte (value, subtask);
else
{
- char buffer[7];
+ char buffer[11];
char *cursor;
sprintf (buffer, "\\u%04x", value);
diff --git a/src/testdump.c b/src/testdump.c
index ff2ee9d..bd45837 100644
--- a/src/testdump.c
+++ b/src/testdump.c
@@ -254,7 +254,7 @@ produce_count (RECODE_SUBTASK subtask)
delayed--;
}
- sprintf (buffer, "%*u %.4X", (int)count_width, (*cursor)->count, character);
+ snprintf (buffer, sizeof(buffer), "%*u %.4X", (int)count_width, (*cursor)->count, character);
put_string (buffer, subtask);
if (mnemonic)
{
--
2.21.0

View File

@ -58,6 +58,9 @@ URL: https://github.com/rrthomas/recode
Source: %{url}/releases/download/v%{version}/recode-%{version}.tar.gz
# Make internal hash function identifiers unique
Patch0: recode-3.7.1-Rename-coliding-hash-functions.patch
# Fix a possible buffer overflow in transform_utf16_java(),
# in upstream after 3.7.5
Patch1: recode-3.7.5-Fix-a-couple-of-potential-buffer-overflows.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: coreutils
@ -96,6 +99,7 @@ This package provides deader files for recode library.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
autoreconf -fi
%build
@ -145,6 +149,7 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
%changelog
* Thu Sep 12 2019 Petr Pisar <ppisar@redhat.com> - 3.7.5-1
- 3.7.5 bump
- Fix a possible buffer overflow in transform_utf16_java()
* Mon Sep 02 2019 Petr Pisar <ppisar@redhat.com> - 3.7.4-1
- 3.7.4 bump