Adam Williamson
parent
c83d9ab871
commit
170ea8d03e
33
0001-xattrs-fix-out-of-bounds-access-again.patch
Normal file
33
0001-xattrs-fix-out-of-bounds-access-again.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 5b2b9acd762e859822c99c5262d0bcbccff619de Mon Sep 17 00:00:00 2001
|
||||
From: Adam Williamson <awilliam@redhat.com>
|
||||
Date: Wed, 15 Mar 2023 12:35:38 -0700
|
||||
Subject: [PATCH] xattrs: fix out of bounds access (again)
|
||||
|
||||
This restores the fix from c5db34e , which was somehow lost in
|
||||
83b2f3a . `j` is not available after the loop is done, we need
|
||||
to use i. We use `i - 1` because, of course, list indexes start
|
||||
at 0.
|
||||
|
||||
Fixes https://github.com/plougher/squashfs-tools/issues/230
|
||||
|
||||
Signed-off-by: Adam Williamson <awilliam@redhat.com>
|
||||
---
|
||||
squashfs-tools/xattr.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/squashfs-tools/xattr.c b/squashfs-tools/xattr.c
|
||||
index d48d950..32343f5 100644
|
||||
--- a/squashfs-tools/xattr.c
|
||||
+++ b/squashfs-tools/xattr.c
|
||||
@@ -838,7 +838,7 @@ int read_xattrs(void *d, int type)
|
||||
for(j = 1; j < i; j++)
|
||||
xattr_list[j - 1].vnext = &xattr_list[j];
|
||||
|
||||
- xattr_list[j].vnext = NULL;
|
||||
+ xattr_list[i - 1].vnext = NULL;
|
||||
head = xattr_list;
|
||||
|
||||
sort_xattr_list(&head, i);
|
||||
--
|
||||
2.39.2
|
||||
|
||||
@ -7,7 +7,13 @@ Summary: Utility for the creation of squashfs filesystems
|
||||
%forgemeta
|
||||
URL: %{forgeurl}
|
||||
Source: %{forgesource}
|
||||
Release: 0.6%{dist}
|
||||
# https://github.com/plougher/squashfs-tools/pull/231
|
||||
# https://github.com/plougher/squashfs-tools/issues/230
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2178510
|
||||
# Fix a crash caused by an out-of-bounds access that was inadvertently
|
||||
# re-introduced in a memory leak fix
|
||||
Patch0: 0001-xattrs-fix-out-of-bounds-access-again.patch
|
||||
Release: 0.7%{dist}
|
||||
License: GPLv2+
|
||||
|
||||
BuildRequires: make
|
||||
@ -26,6 +32,7 @@ contains the utilities for manipulating squashfs filesystems.
|
||||
|
||||
%prep
|
||||
%forgesetup
|
||||
%autopatch -p1
|
||||
|
||||
%build
|
||||
%set_build_flags
|
||||
@ -50,6 +57,9 @@ make INSTALL_PREFIX=%{buildroot}/usr INSTALL_DIR=%{buildroot}%{_sbindir} INSTALL
|
||||
%{_sbindir}/sqfscat
|
||||
|
||||
%changelog
|
||||
* Wed Mar 15 2023 Adam Williamson <awilliam@redhat.com> - 4.6-0.7.20230314git36abab0
|
||||
- Backport PR #231 to fix a crash (#2178510)
|
||||
|
||||
* Tue Mar 14 2023 Bruno Wolff III <bruno@wolff.to> - 4.6-0.6^20230314git36abab0
|
||||
- A few minor memory leaks were fixed
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user