rpms/squashfs-tools
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Adjust upstream patch for 4.2 release

Browse Source
This commit is contained in:
Bruno Wolff III 2012-11-25 17:25:38 -06:00
parent 038e2d1dea
commit af10d8978d
2 changed files with 92 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

192
buffer-issue.patch
View File

@ -80,8 +80,8 @@ Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
diff --git a/squashfs-tools/squashfs_fs.h b/squashfs-tools/squashfs_fs.h diff --git a/squashfs-tools/squashfs_fs.h b/squashfs-tools/squashfs_fs.h
index d1dc987..58d31f4 100644 index d1dc987..58d31f4 100644
--- a/squashfs-tools/squashfs_fs.h --- squashfs-tools/squashfs_fs.h
+++ b/squashfs-tools/squashfs_fs.h +++ squashfs-tools/squashfs_fs.h
@@ -39,6 +39,7 @@ @@ -39,6 +39,7 @@
#define SQUASHFS_FILE_LOG 17 #define SQUASHFS_FILE_LOG 17
@ -90,19 +90,17 @@ index d1dc987..58d31f4 100644
/* Max number of uids and gids */ /* Max number of uids and gids */
#define SQUASHFS_IDS 65536 #define SQUASHFS_IDS 65536
diff --git a/squashfs-tools/unsquashfs.c b/squashfs-tools/unsquashfs.c --- squashfs-tools/unsquashfs.c.buffer 2012-11-25 17:07:52.237809893 -0600
index d9d1377..1afcbf9 100644 +++ squashfs-tools/unsquashfs.c 2012-11-25 17:15:24.155246275 -0600
--- a/squashfs-tools/unsquashfs.c @@ -31,6 +31,7 @@
+++ b/squashfs-tools/unsquashfs.c
@@ -34,6 +34,7 @@ #include <sys/sysinfo.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
+#include <limits.h> +#include <limits.h>
struct cache *fragment_cache, *data_cache; struct cache *fragment_cache, *data_cache;
struct queue *to_reader, *to_deflate, *to_writer, *from_writer; struct queue *to_reader, *to_deflate, *to_writer, *from_writer;
@@ -139,6 +140,24 @@ void sigalrm_handler() @@ -136,6 +137,24 @@
} }
@ -127,7 +125,7 @@ index d9d1377..1afcbf9 100644
struct queue *queue_init(int size) struct queue *queue_init(int size)
{ {
struct queue *queue = malloc(sizeof(struct queue)); struct queue *queue = malloc(sizeof(struct queue));
@@ -146,6 +165,10 @@ struct queue *queue_init(int size) @@ -143,6 +162,10 @@
if(queue == NULL) if(queue == NULL)
EXIT_UNSQUASH("Out of memory in queue_init\n"); EXIT_UNSQUASH("Out of memory in queue_init\n");
@ -138,75 +136,64 @@ index d9d1377..1afcbf9 100644
queue->data = malloc(sizeof(void *) * (size + 1)); queue->data = malloc(sizeof(void *) * (size + 1));
if(queue->data == NULL) if(queue->data == NULL)
EXIT_UNSQUASH("Out of memory in queue_init\n"); EXIT_UNSQUASH("Out of memory in queue_init\n");
@@ -2015,13 +2038,30 @@ void initialise_threads(int fragment_buffer_size, int data_buffer_size) @@ -1805,7 +1828,7 @@
* allocate to_reader, to_deflate and to_writer queues. Set based on {
* open file limit and cache size, unless open file limit is unlimited, int i;
* in which case set purely based on cache limits sigset_t sigmask, old_mask;
+ * - int all_buffers_size = fragment_buffer_size + data_buffer_size;
+ * In doing so, check that the user supplied values do not overflow + int all_buffers_size;
+ * a signed int
*/
if (max_files != -1) {
+ if(add_overflow(data_buffer_size, max_files) ||
+ add_overflow(data_buffer_size, max_files * 2))
+ EXIT_UNSQUASH("Data queue size is too large\n");
+
to_reader = queue_init(max_files + data_buffer_size);
to_deflate = queue_init(max_files + data_buffer_size);
to_writer = queue_init(max_files * 2 + data_buffer_size);
} else {
- int all_buffers_size = fragment_buffer_size + data_buffer_size;
+ int all_buffers_size;
+
+ if(add_overflow(fragment_buffer_size, data_buffer_size))
+ EXIT_UNSQUASH("Data and fragment queues combined are"
+ " too large\n");
+
+ all_buffers_size = fragment_buffer_size + data_buffer_size;
+
+ if(add_overflow(all_buffers_size, all_buffers_size))
+ EXIT_UNSQUASH("Data and fragment queues combined are"
+ " too large\n");
to_reader = queue_init(all_buffers_size); sigemptyset(&sigmask);
to_deflate = queue_init(all_buffers_size); sigaddset(&sigmask, SIGINT);
@@ -2126,8 +2166,34 @@ void progress_bar(long long current, long long max, int columns) @@ -1841,6 +1864,15 @@
EXIT_UNSQUASH("Out of memory allocating thread descriptors\n");
deflator_thread = &thread[3];
+ if(add_overflow(fragment_buffer_size, data_buffer_size))
+ EXIT_UNSQUASH("Data and fragment queues combined are"
+ " too large\n");
+
+ all_buffers_size = fragment_buffer_size + data_buffer_size;
+
+ if(add_overflow(all_buffers_size, all_buffers_size))
+ EXIT_UNSQUASH("Data and fragment queues combined are"
+ " too large\n");
to_reader = queue_init(all_buffers_size);
to_deflate = queue_init(all_buffers_size);
to_writer = queue_init(1000);
@@ -1940,6 +1972,31 @@
fflush(stdout);
} }
+int parse_number(char *arg, int *res) +int parse_number(char *arg, int *res)
+{ +{
+ char *b; + char *b;
+ long number = strtol(arg, &b, 10); + long number = strtol(arg, &b, 10);
+ +
+ /* check for trailing junk after number */ + /* check for trailing junk after number */
+ if(*b != '\0') + if(*b != '\0')
+ return 0; + return 0;
+ +
+ /* check for strtol underflow or overflow in conversion */ + /* check for strtol underflow or overflow in conversion */
+ if(number == LONG_MIN || number == LONG_MAX) + if(number == LONG_MIN || number == LONG_MAX)
+ return 0; + return 0;
+ +
+ /* reject negative numbers as invalid */ + /* reject negative numbers as invalid */
+ if(number < 0) + if(number < 0)
+ return 0; + return 0;
+ +
+ /* check if long result will overflow signed int */ + /* check if long result will overflow signed int */
+ if(number > INT_MAX) + if(number > INT_MAX)
+ return 0; + return 0;
+ +
+ *res = number; + *res = number;
+ return 1; + return 1;
+} +}
+ +
+
#define VERSION() \ #define VERSION() \
- printf("unsquashfs version 4.2-git (2012/11/21)\n");\ printf("unsquashfs version 4.2 (2011/02/28)\n");\
+ printf("unsquashfs version 4.2-git (2012/11/24)\n");\ @@ -2022,8 +2079,8 @@
printf("copyright (C) 2012 Phillip Lougher "\
"<phillip@squashfs.org.uk>\n\n");\
printf("This program is free software; you can redistribute it and/or"\
@@ -2207,8 +2273,8 @@ int main(int argc, char *argv[])
} else if(strcmp(argv[i], "-data-queue") == 0 || } else if(strcmp(argv[i], "-data-queue") == 0 ||
strcmp(argv[i], "-da") == 0) { strcmp(argv[i], "-da") == 0) {
if((++i == argc) || if((++i == argc) ||
@ -217,7 +204,7 @@ index d9d1377..1afcbf9 100644
ERROR("%s: -data-queue missing or invalid " ERROR("%s: -data-queue missing or invalid "
"queue size\n", argv[0]); "queue size\n", argv[0]);
exit(1); exit(1);
@@ -2221,8 +2287,8 @@ int main(int argc, char *argv[]) @@ -2036,8 +2093,8 @@
} else if(strcmp(argv[i], "-frag-queue") == 0 || } else if(strcmp(argv[i], "-frag-queue") == 0 ||
strcmp(argv[i], "-fr") == 0) { strcmp(argv[i], "-fr") == 0) {
if((++i == argc) || if((++i == argc) ||
@ -228,45 +215,46 @@ index d9d1377..1afcbf9 100644
ERROR("%s: -frag-queue missing or invalid " ERROR("%s: -frag-queue missing or invalid "
"queue size\n", argv[0]); "queue size\n", argv[0]);
exit(1); exit(1);
@@ -2347,11 +2413,39 @@ options: @@ -2161,8 +2218,41 @@
block_size = sBlk.s.block_size;
block_log = sBlk.s.block_log; block_log = sBlk.s.block_log;
/*
+ * Sanity check block size and block log.
+ *
+ * Check they're within correct limits
+ */
+ if(block_size > SQUASHFS_FILE_MAX_SIZE ||
+ block_log > SQUASHFS_FILE_MAX_LOG)
+ EXIT_UNSQUASH("Block size or block_log too large."
+ " File system is corrupt.\n");
+
+ /*
+ * Check block_size and block_log match
+ */
+ if(block_size != (1 << block_log))
+ EXIT_UNSQUASH("Block size and block_log do not match."
+ " File system is corrupt.\n");
+
+ /*
* convert from queue size in Mbytes to queue size in
- * blocks
+ * blocks.
+ *
+ * In doing so, check that the user supplied values do not
+ * overflow a signed int
*/
- fragment_buffer_size <<= 20 - block_log; - fragment_buffer_size <<= 20 - block_log;
- data_buffer_size <<= 20 - block_log; - data_buffer_size <<= 20 - block_log;
+ if(shift_overflow(fragment_buffer_size, 20 - block_log)) + /*
+ EXIT_UNSQUASH("Fragment queue size is too large\n"); + * Sanity check block size and block log.
+ else + *
+ fragment_buffer_size <<= 20 - block_log; + * Check they're within correct limits
+ */
+ if(block_size > SQUASHFS_FILE_MAX_SIZE ||
+ block_log > SQUASHFS_FILE_MAX_LOG)
+ EXIT_UNSQUASH("Block size or block_log too large."
+ " File system is corrupt.\n");
+
+ /*
+ * Check block_size and block_log match
+ */
+ if(block_size != (1 << block_log))
+ EXIT_UNSQUASH("Block size and block_log do not match."
+ " File system is corrupt.\n");
+
+ /*
+ * convert from queue size in Mbytes to queue size in
+ * blocks.
+ *
+ * In doing so, check that the user supplied values do not
+ * overflow a signed int
+ */
+ if(shift_overflow(fragment_buffer_size, 20 - block_log))
+ EXIT_UNSQUASH("Fragment queue size is too large\n");
+ else
+ fragment_buffer_size <<= 20 - block_log;
+
+ if(shift_overflow(data_buffer_size, 20 - block_log))
+ EXIT_UNSQUASH("Data queue size is too large\n");
+ else
+ data_buffer_size <<= 20 - block_log;
+ +
+ if(shift_overflow(data_buffer_size, 20 - block_log))
+ EXIT_UNSQUASH("Data queue size is too large\n");
+ else
+ data_buffer_size <<= 20 - block_log;
+ +
initialise_threads(fragment_buffer_size, data_buffer_size); initialise_threads(fragment_buffer_size, data_buffer_size);

3
squashfs-tools.spec
View File

@ -15,6 +15,7 @@ BuildRequires: libattr-devel
# date change that doesn't apply cleanly) # date change that doesn't apply cleanly)
Patch0: path-issue.patch Patch0: path-issue.patch
# Upstream commit 8515b3d420f502c5c0236b86e2d6d7e3b23c190e # Upstream commit 8515b3d420f502c5c0236b86e2d6d7e3b23c190e
# Patch needed to be adjusted to fit with the 4.2 release
Patch1: buffer-issue.patch Patch1: buffer-issue.patch
%description %description
@ -24,7 +25,7 @@ contains the utilities for manipulating squashfs filesystems.
%prep %prep
%setup -q -n squashfs4.2 %setup -q -n squashfs4.2
%patch0 -p1 -b .pathname %patch0 -p1 -b .pathname
%patch1 -p1 -b .buffer %patch1 -p0 -b .buffer
%build %build
pushd squashfs-tools pushd squashfs-tools