[unzip/f19] - fix unitialized reads (#558738)
pstodulk
pstodulk at fedoraproject.org
Thu Nov 27 13:42:15 UTC 2014
commit c64c31d061d39fb56325c4f073bd6bd65e9a58d1
Author: Petr Stodulka <pstodulk at redhat.com>
Date: Thu Nov 20 13:35:36 2014 +0100
- fix uninitialized reads (#558738)
unzip-6.0-valgrind.patch | 26 ++++++++++++++++++++++++++
unzip.spec | 7 ++++++-
2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/unzip-6.0-valgrind.patch b/unzip-6.0-valgrind.patch
new file mode 100644
index 0000000..41a7520
--- /dev/null
+++ b/unzip-6.0-valgrind.patch
@@ -0,0 +1,26 @@
+diff --git a/fileio.c b/fileio.c
+index ba0a1d0..03fc4be 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2006,6 +2006,7 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ unsigned comment_bytes_left;
+ unsigned int block_len;
+ int error=PK_OK;
++ unsigned int length2;
+ #ifdef AMIGA
+ char tmp_fnote[2 * AMIGA_FILENOTELEN]; /* extra room for squozen chars */
+ #endif
+@@ -2292,8 +2293,12 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
+ (G.inptr-G.inbuf) + length);
+ } else {
+- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
++ if ((length2 = readbuf(__G__ (char *)G.extra_field, length)) == 0)
+ return PK_EOF;
++ if(length2 < length) {
++ memset (__G__ (char *)G.extra_field+length2, 0 , length-length2);
++ length = length2;
++ }
+ /* Looks like here is where extra fields are read */
+ getZip64Data(__G__ G.extra_field, length);
+ #ifdef UNICODE_SUPPORT
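Review bot: The added `memset` call in the second fileio.c hunk begins its argument list with `__G__`, which is Info-ZIP's globals-argument macro and belongs only on calls to UnZip's own functions such as `readbuf`. It compiles here presumably because the macro is empty in the non-reentrant Unix build, but in a REENTRANT build it expands to `pG,` and hands `memset` four arguments; write it as `memset((char *)G.extra_field + length2, 0, length - length2);`. A short read also means the archive is truncated inside the extra field, yet parsing continues with `error` still `PK_OK`, so consider recording a warning status there. The zero-fill relies on `G.extra_field` holding at least the original `length` bytes; that allocation and the rest of `do_string` lie outside the hunk and should be checked.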
diff --git a/unzip.spec b/unzip.spec
index ddd5f2b..9f06f5c 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,7 +1,7 @@
Summary: A utility for unpacking zip files
Name: unzip
Version: 6.0
-Release: 12%{?dist}
+Release: 13%{?dist}
License: BSD
Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@@ -24,6 +24,7 @@ Patch6: unzip-6.0-manpage-fix.patch
Patch7: unzip-6.0-fix-recmatch.patch
# Update process.c
Patch8: unzip-6.0-symlink.patch
+Patch9: unzip-6.0-valgrind.patch
URL: http://www.info-zip.org/UnZip.html
BuildRequires: bzip2-devel
@@ -48,6 +49,7 @@ a zip archive.
%patch6 -p1 -b .manpage-fix
%patch7 -p1 -b .recmatch
%patch8 -p1 -b .symlink
+%patch9 -p1 -b .valgrind
%build
make -f unix/Makefile CF_NOOPT="-I. -DUNIX -DNOMEMCPY $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags}
@@ -63,6 +65,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/*
%changelog
+* Thu Nov 20 2014 Petr Stodulka <pstodulk at redhat.com> - 6.0-13
+- Fix unitialized reads in unzip (#558738).
+
* Thu Nov 06 2014 Petr Stodulka <pstodulk at redhat.com> - 6.0-12
- Fix producing of incorrect output due to memcpy overlapping
by added option -D NOMEMCPY to compile section.