[gnome-settings-daemon] Fix fortify fail in gsd-color-manager.c (#714625)

Tue Jun 21 10:49:34 UTC 2011

commit a3f21c1849e4db817fbce22ee55498ace4d1f3a6
Author: Tomas Bzatek <tbzatek at redhat.com>
Date:   Tue Jun 21 12:49:19 2011 +0200

    Fix fortify fail in gsd-color-manager.c (#714625)

 gnome-settings-daemon-3.1.3-color-widestring.patch |   81 ++++++++++++++++++++
 gnome-settings-daemon.spec                         |    9 ++-
 2 files changed, 89 insertions(+), 1 deletions(-)
---

diff --git a/gnome-settings-daemon-3.1.3-color-widestring.patch b/gnome-settings-daemon-3.1.3-color-widestring.patch
new file mode 100644
index 0000000..03ca675
--- /dev/null
+++ b/gnome-settings-daemon-3.1.3-color-widestring.patch
@@ -0,0 +1,81 @@
+From ac60d0ae037096859cf452d074e9bd345974c786 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard at hughsie.com>
+Date: Mon, 20 Jun 2011 16:41:28 +0000
+Subject: color: Fix a potential buffer-overflow when converting to wide text
+
+Thanks to fortify protection, g-s-d fails to build for some distros.
+Copy the fix from Colin that went into colord a few days ago.
+---
+diff --git a/plugins/color/gsd-color-manager.c b/plugins/color/gsd-color-manager.c
+index 0b1c882..0391175 100644
+--- a/plugins/color/gsd-color-manager.c
++++ b/plugins/color/gsd-color-manager.c
+@@ -87,10 +87,10 @@ typedef struct {
+ GQuark
+ gsd_color_manager_error_quark (void)
+ {
+-	static GQuark quark = 0;
+-	if (!quark)
+-		quark = g_quark_from_static_string ("gsd_color_manager_error");
+-	return quark;
++        static GQuark quark = 0;
++        if (!quark)
++                quark = g_quark_from_static_string ("gsd_color_manager_error");
++        return quark;
+ }
+ 
+ static GcmEdid *
+@@ -492,17 +492,46 @@ out:
+ }
+ 
+ #ifdef HAVE_NEW_LCMS
++static wchar_t *
++utf8_to_wchar_t (const char *src)
++{
++        gsize len;
++        gsize converted;
++        wchar_t *buf = NULL;
++
++        len = mbstowcs (NULL, src, 0);
++        if (len < 0) {
++                g_warning ("Invalid UTF-8 in string %s", src);
++                goto out;
++        }
++        len += 1;
++        buf = g_malloc (sizeof (wchar_t) * len);
++        converted = mbstowcs (buf, src, len - 1);
++        g_assert (converted != -1);
++        buf[converted] = '\0';
++out:
++        return buf;
++}
++
+ static cmsBool
+ _cmsDictAddEntryAscii (cmsHANDLE dict,
+                        const gchar *key,
+                        const gchar *value)
+ {
+-        cmsBool ret;
+-        wchar_t mb_key[1024];
+-        wchar_t mb_value[1024];
+-        mbstowcs (mb_key, key, sizeof (mb_key));
+-        mbstowcs (mb_value, value, sizeof (mb_value));
++        cmsBool ret = FALSE;
++        wchar_t *mb_key = NULL;
++        wchar_t *mb_value = NULL;
++
++        mb_key = utf8_to_wchar_t (key);
++        if (mb_key == NULL)
++                goto out;
++        mb_value = utf8_to_wchar_t (value);
++        if (mb_value == NULL)
++                goto out;
+         ret = cmsDictAddEntry (dict, mb_key, mb_value, NULL, NULL);
++out:
++        g_free (mb_key);
++        g_free (mb_value);
+         return ret;
+ }
+ #endif /* HAVE_NEW_LCMS */
+--
+cgit v0.9
diff --git a/gnome-settings-daemon.spec b/gnome-settings-daemon.spec
index 016280d..38b4113 100644
--- a/gnome-settings-daemon.spec
+++ b/gnome-settings-daemon.spec
@@ -1,6 +1,6 @@
 Name:           gnome-settings-daemon
 Version:        3.1.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The daemon sharing settings from GNOME to GTK+/KDE applications
 
 Group:          System Environment/Daemons
@@ -9,6 +9,9 @@ URL:            http://download.gnome.org/sources/%{name}
 #VCS: git:git://git.gnome.org/gnome-settings-daemon
 Source:         http://download.gnome.org/sources/%{name}/3.1/%{name}-%{version}.tar.xz
 
+# from upstream
+Patch0: gnome-settings-daemon-3.1.3-color-widestring.patch
+
 Requires(pre):    GConf2 >= 2.14
 Requires(preun):  GConf2 >= 2.14
 Requires(post):   GConf2 >= 2.14
@@ -57,6 +60,7 @@ developing applications that use %{name}.
 
 %prep
 %setup -q
+%patch0 -p1 -b .color-wide
 
 # autoreconf -i -f
 
@@ -210,6 +214,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 %{_datadir}/gnome-settings-daemon-3.0/input-device-example.sh
 
 %changelog
+* Tue Jun 21 2011 Tomas Bzatek <tbzatek at redhat.com> - 3.1.2-2
+- Fix fortify fail in gsd-color-manager.c (#714625)
+
 * Wed Jun 15 2011 Tomas Bzatek <tbzatek at redhat.com> - 3.1.2-1
 - Update to 3.1.2
 
