Fix a possible buffer overflow in transform_utf16_java()
parent
8c41ebb71d
commit
980edaa463
@ -0,0 +1,43 @@
|
||||
From 3e566ca4b17814de8bc100e3edadbed6e539874f Mon Sep 17 00:00:00 2001
|
||||
From: Reuben Thomas <rrt@sc3d.org>
|
||||
Date: Wed, 11 Sep 2019 19:46:53 +0100
|
||||
Subject: [PATCH] Fix a couple of potential buffer overflows
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
src/java.c | 2 +-
|
||||
src/testdump.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/java.c b/src/java.c
|
||||
index 05367f1..4bb8bc9 100644
|
||||
--- a/src/java.c
|
||||
+++ b/src/java.c
|
||||
@@ -88,7 +88,7 @@ transform_utf16_java (RECODE_SUBTASK subtask)
|
||||
put_byte (value, subtask);
|
||||
else
|
||||
{
|
||||
- char buffer[7];
|
||||
+ char buffer[11];
|
||||
char *cursor;
|
||||
|
||||
sprintf (buffer, "\\u%04x", value);
|
||||
diff --git a/src/testdump.c b/src/testdump.c
|
||||
index ff2ee9d..bd45837 100644
|
||||
--- a/src/testdump.c
|
||||
+++ b/src/testdump.c
|
||||
@@ -254,7 +254,7 @@ produce_count (RECODE_SUBTASK subtask)
|
||||
delayed--;
|
||||
}
|
||||
|
||||
- sprintf (buffer, "%*u %.4X", (int)count_width, (*cursor)->count, character);
|
||||
+ snprintf (buffer, sizeof(buffer), "%*u %.4X", (int)count_width, (*cursor)->count, character);
|
||||
put_string (buffer, subtask);
|
||||
if (mnemonic)
|
||||
{
|
||||
--
|
||||
2.21.0
|
||||
|
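Review bot: In the src/java.c hunk of the added patch, `sprintf (buffer, "\\u%04x", value);` stays unbounded, so the fix depends entirely on the literal 11 being large enough. Eleven bytes hold `\u`, eight hex digits and the terminator, which is sufficient only if `value` is at most 32 bits wide; its declaration is outside the hunk, so that is an assumption to confirm. Writing `snprintf (buffer, sizeof buffer, "\\u%04x", value);`, as the src/testdump.c hunk now does, would keep the write bounded even if the array size or the type changes later. In the testdump.c hunk the return value of `snprintf` is ignored, so a truncated count line would be passed to `put_string` silently; comparing it with `sizeof(buffer)` would surface that. Both enclosing functions start and end outside the hunks.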
@ -58,6 +58,9 @@ URL: https://github.com/rrthomas/recode
|
||||
Source: %{url}/releases/download/v%{version}/recode-%{version}.tar.gz
|
||||
# Make internal hash function identifiers unique
|
||||
Patch0: recode-3.7.1-Rename-coliding-hash-functions.patch
|
||||
# Fix a possible buffer overflow in transform_utf16_java(),
|
||||
# in upstream after 3.7.5
|
||||
Patch1: recode-3.7.5-Fix-a-couple-of-potential-buffer-overflows.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: coreutils
|
||||
@ -96,6 +99,7 @@ This package provides deader files for recode library.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
autoreconf -fi
|
||||
|
||||
%build
|
||||
@ -145,6 +149,7 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||
%changelog
|
||||
* Thu Sep 12 2019 Petr Pisar <ppisar@redhat.com> - 3.7.5-1
|
||||
- 3.7.5 bump
|
||||
- Fix a possible buffer overflow in transform_utf16_java()
|
||||
|
||||
* Mon Sep 02 2019 Petr Pisar <ppisar@redhat.com> - 3.7.4-1
|
||||
- 3.7.4 bump
|
||||
|
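Review bot: The comment added above `Patch1:` and the new `%changelog` entry name only transform_utf16_java(), but the patch this commit adds also changes produce_count() in src/testdump.c. Someone auditing which overflow fixes this build carries would miss the second one from the spec alone. The comment could read `# Fix possible buffer overflows in transform_utf16_java() and produce_count(),` with the changelog line worded the same way.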