[gnome-boxes/f19] Fix crash in get_decoded_udev_property()
Zeeshan Ali
zeenix at fedoraproject.org
Wed Mar 12 21:18:29 UTC 2014
commit 9536aaac84b84b1a6e564ac621066ee9c9ee1852
Author: Zeeshan Ali (Khattak) <zeeshanak at gnome.org>
Date: Wed Mar 12 16:47:30 2014 +0000
Fix crash in get_decoded_udev_property()
Related: rhbz#1058082.
get_decoded_udev_property-Fix-sscanf-use.patch | 35 ++++++++++++++++++++++++
gnome-boxes.spec | 7 ++++-
2 files changed, 41 insertions(+), 1 deletions(-)
---
diff --git a/get_decoded_udev_property-Fix-sscanf-use.patch b/get_decoded_udev_property-Fix-sscanf-use.patch
new file mode 100644
index 0000000..bd233c5
--- /dev/null
+++ b/get_decoded_udev_property-Fix-sscanf-use.patch
@@ -0,0 +1,35 @@
+From 6dd1d6e679bc03523637a8c7a3948ac3dcb4c3cf Mon Sep 17 00:00:00 2001
+From: Christophe Fergeau <cfergeau at redhat.com>
+Date: Wed, 12 Mar 2014 15:55:17 +0100
+Subject: [PATCH] get_decoded_udev_property: Fix sscanf use
+
+sscanf man page says about %x:
+'x Matches an unsigned hexadecimal integer; the next pointer must be a
+pointer to unsigned int'
+get_decoded_udev_property() is using %02x, but this is not documented as
+reducing the size of the expected pointer, it's only documented as causing
+sscanf to read at most 2 digits of the parsed number.
+
+Boxes was passing an uint8 to scanf instead of an uint, causing memory
+corruption (plus a 'fortify: stack smashing detected' message if this is
+enabled when building), and eventually a crash in get_decoded_udev_property().
+---
+ src/installer-media.vala | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/installer-media.vala b/src/installer-media.vala
+index 7b567ab..8fc18da 100644
+--- a/src/installer-media.vala
++++ b/src/installer-media.vala
+@@ -195,7 +195,7 @@ private void get_decoded_udev_properties_for_media (GUdev.Device device,
+
+ var decoded = "";
+ for (var i = 0; i < encoded.length; ) {
+- uint8 x;
++ uint x;
+
+ if (encoded[i:encoded.length].scanf ("\\x%02x", out x) > 0) {
+ decoded += ((char) x).to_string ();
+--
+1.8.5.3
+
diff --git a/gnome-boxes.spec b/gnome-boxes.spec
index 463b955..e4c44b9 100644
--- a/gnome-boxes.spec
+++ b/gnome-boxes.spec
@@ -31,13 +31,14 @@ ExclusiveArch: x86_64
Name: gnome-boxes
Version: 3.8.4
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: A simple GNOME 3 application to access remote or virtual systems
Group: Applications/Emulators
License: LGPLv2+
URL: https://live.gnome.org/Boxes
Source0: http://download.gnome.org/sources/%{name}/%{url_ver}/%{name}-%{version}.tar.xz
+Patch0: get_decoded_udev_property-Fix-sscanf-use.patch
BuildRequires: libgovirt-devel
BuildRequires: intltool
@@ -90,6 +91,7 @@ gnome-boxes lets you easily create, setup, access, and use:
%prep
%setup -q
+%patch0 -p1
%build
#fedora-legal and the fedora board permit logos to be enabled
@@ -137,6 +139,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_datadir}/gnome-shell/search-providers/gnome-boxes-search-provider.ini
%changelog
+* Wed Mar 12 2014 Zeeshan Ali <zeenix at redhat.com> - 3.8.4-3
+- Fix crash in get_decoded_udev_property.
+
* Fri Aug 09 2013 Christophe Fergeau <cfergeau at redhat.com> 3.8.4-2
- Add Requires on dconf and gnome-themes-standard, fixes rhbz#978727
More information about the scm-commits
mailing list