Adam Williamson
parent
c83d9ab871
commit
170ea8d03e
33
0001-xattrs-fix-out-of-bounds-access-again.patch
Normal file
33
0001-xattrs-fix-out-of-bounds-access-again.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
From 5b2b9acd762e859822c99c5262d0bcbccff619de Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adam Williamson <awilliam@redhat.com>
|
||||||
|
Date: Wed, 15 Mar 2023 12:35:38 -0700
|
||||||
|
Subject: [PATCH] xattrs: fix out of bounds access (again)
|
||||||
|
|
||||||
|
This restores the fix from c5db34e , which was somehow lost in
|
||||||
|
83b2f3a . `j` is not available after the loop is done, we need
|
||||||
|
to use i. We use `i - 1` because, of course, list indexes start
|
||||||
|
at 0.
|
||||||
|
|
||||||
|
Fixes https://github.com/plougher/squashfs-tools/issues/230
|
||||||
|
|
||||||
|
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||||
|
---
|
||||||
|
squashfs-tools/xattr.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/squashfs-tools/xattr.c b/squashfs-tools/xattr.c
|
||||||
|
index d48d950..32343f5 100644
|
||||||
|
--- a/squashfs-tools/xattr.c
|
||||||
|
+++ b/squashfs-tools/xattr.c
|
||||||
|
@@ -838,7 +838,7 @@ int read_xattrs(void *d, int type)
|
||||||
|
for(j = 1; j < i; j++)
|
||||||
|
xattr_list[j - 1].vnext = &xattr_list[j];
|
||||||
|
|
||||||
|
- xattr_list[j].vnext = NULL;
|
||||||
|
+ xattr_list[i - 1].vnext = NULL;
|
||||||
|
head = xattr_list;
|
||||||
|
|
||||||
|
sort_xattr_list(&head, i);
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
@ -7,7 +7,13 @@ Summary: Utility for the creation of squashfs filesystems
|
|||||||
%forgemeta
|
%forgemeta
|
||||||
URL: %{forgeurl}
|
URL: %{forgeurl}
|
||||||
Source: %{forgesource}
|
Source: %{forgesource}
|
||||||
Release: 0.6%{dist}
|
# https://github.com/plougher/squashfs-tools/pull/231
|
||||||
|
# https://github.com/plougher/squashfs-tools/issues/230
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2178510
|
||||||
|
# Fix a crash caused by an out-of-bounds access that was inadvertently
|
||||||
|
# re-introduced in a memory leak fix
|
||||||
|
Patch0: 0001-xattrs-fix-out-of-bounds-access-again.patch
|
||||||
|
Release: 0.7%{dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
@ -26,6 +32,7 @@ contains the utilities for manipulating squashfs filesystems.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%forgesetup
|
%forgesetup
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%set_build_flags
|
%set_build_flags
|
||||||
@ -50,6 +57,9 @@ make INSTALL_PREFIX=%{buildroot}/usr INSTALL_DIR=%{buildroot}%{_sbindir} INSTALL
|
|||||||
%{_sbindir}/sqfscat
|
%{_sbindir}/sqfscat
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 15 2023 Adam Williamson <awilliam@redhat.com> - 4.6-0.7.20230314git36abab0
|
||||||
|
- Backport PR #231 to fix a crash (#2178510)
|
||||||
|
|
||||||
* Tue Mar 14 2023 Bruno Wolff III <bruno@wolff.to> - 4.6-0.6^20230314git36abab0
|
* Tue Mar 14 2023 Bruno Wolff III <bruno@wolff.to> - 4.6-0.6^20230314git36abab0
|
||||||
- A few minor memory leaks were fixed
|
- A few minor memory leaks were fixed
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user