[gnome-settings-daemon] Fix fortify fail in gsd-color-manager.c (#714625)
Tomas Bzatek
tbzatek at fedoraproject.org
Tue Jun 21 10:49:34 UTC 2011
commit a3f21c1849e4db817fbce22ee55498ace4d1f3a6
Author: Tomas Bzatek <tbzatek at redhat.com>
Date: Tue Jun 21 12:49:19 2011 +0200
Fix fortify fail in gsd-color-manager.c (#714625)
gnome-settings-daemon-3.1.3-color-widestring.patch | 81 ++++++++++++++++++++
gnome-settings-daemon.spec | 9 ++-
2 files changed, 89 insertions(+), 1 deletions(-)
---
diff --git a/gnome-settings-daemon-3.1.3-color-widestring.patch b/gnome-settings-daemon-3.1.3-color-widestring.patch
new file mode 100644
index 0000000..03ca675
--- /dev/null
+++ b/gnome-settings-daemon-3.1.3-color-widestring.patch
@@ -0,0 +1,81 @@
+From ac60d0ae037096859cf452d074e9bd345974c786 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard at hughsie.com>
+Date: Mon, 20 Jun 2011 16:41:28 +0000
+Subject: color: Fix a potential buffer-overflow when converting to wide text
+
+Thanks to fortify protection, g-s-d fails to build for some distros.
+Copy the fix from Colin that went into colord a few days ago.
+---
+diff --git a/plugins/color/gsd-color-manager.c b/plugins/color/gsd-color-manager.c
+index 0b1c882..0391175 100644
+--- a/plugins/color/gsd-color-manager.c
++++ b/plugins/color/gsd-color-manager.c
+@@ -87,10 +87,10 @@ typedef struct {
+ GQuark
+ gsd_color_manager_error_quark (void)
+ {
+- static GQuark quark = 0;
+- if (!quark)
+- quark = g_quark_from_static_string ("gsd_color_manager_error");
+- return quark;
++ static GQuark quark = 0;
++ if (!quark)
++ quark = g_quark_from_static_string ("gsd_color_manager_error");
++ return quark;
+ }
+
+ static GcmEdid *
+@@ -492,17 +492,46 @@ out:
+ }
+
+ #ifdef HAVE_NEW_LCMS
++static wchar_t *
++utf8_to_wchar_t (const char *src)
++{
++ gsize len;
++ gsize converted;
++ wchar_t *buf = NULL;
++
++ len = mbstowcs (NULL, src, 0);
++ if (len < 0) {
++ g_warning ("Invalid UTF-8 in string %s", src);
++ goto out;
++ }
++ len += 1;
++ buf = g_malloc (sizeof (wchar_t) * len);
++ converted = mbstowcs (buf, src, len - 1);
++ g_assert (converted != -1);
++ buf[converted] = '\0';
++out:
++ return buf;
++}
++
+ static cmsBool
+ _cmsDictAddEntryAscii (cmsHANDLE dict,
+ const gchar *key,
+ const gchar *value)
+ {
+- cmsBool ret;
+- wchar_t mb_key[1024];
+- wchar_t mb_value[1024];
+- mbstowcs (mb_key, key, sizeof (mb_key));
+- mbstowcs (mb_value, value, sizeof (mb_value));
++ cmsBool ret = FALSE;
++ wchar_t *mb_key = NULL;
++ wchar_t *mb_value = NULL;
++
++ mb_key = utf8_to_wchar_t (key);
++ if (mb_key == NULL)
++ goto out;
++ mb_value = utf8_to_wchar_t (value);
++ if (mb_value == NULL)
++ goto out;
+ ret = cmsDictAddEntry (dict, mb_key, mb_value, NULL, NULL);
++out:
++ g_free (mb_key);
++ g_free (mb_value);
+ return ret;
+ }
+ #endif /* HAVE_NEW_LCMS */
+--
+cgit v0.9
diff --git a/gnome-settings-daemon.spec b/gnome-settings-daemon.spec
index 016280d..38b4113 100644
--- a/gnome-settings-daemon.spec
+++ b/gnome-settings-daemon.spec
@@ -1,6 +1,6 @@
Name: gnome-settings-daemon
Version: 3.1.2
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The daemon sharing settings from GNOME to GTK+/KDE applications
Group: System Environment/Daemons
@@ -9,6 +9,9 @@ URL: http://download.gnome.org/sources/%{name}
#VCS: git:git://git.gnome.org/gnome-settings-daemon
Source: http://download.gnome.org/sources/%{name}/3.1/%{name}-%{version}.tar.xz
+# from upstream
+Patch0: gnome-settings-daemon-3.1.3-color-widestring.patch
+
Requires(pre): GConf2 >= 2.14
Requires(preun): GConf2 >= 2.14
Requires(post): GConf2 >= 2.14
@@ -57,6 +60,7 @@ developing applications that use %{name}.
%prep
%setup -q
+%patch0 -p1 -b .color-wide
# autoreconf -i -f
@@ -210,6 +214,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_datadir}/gnome-settings-daemon-3.0/input-device-example.sh
%changelog
+* Tue Jun 21 2011 Tomas Bzatek <tbzatek at redhat.com> - 3.1.2-2
+- Fix fortify fail in gsd-color-manager.c (#714625)
+
* Wed Jun 15 2011 Tomas Bzatek <tbzatek at redhat.com> - 3.1.2-1
- Update to 3.1.2
More information about the scm-commits
mailing list