kdudka pushed to coreutils (f22). "sort - fix buffer overflow in some case conversions (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu May 14 08:50:40 UTC 2015
From 8d61fd496c22d7c0cca29cb1ef28c53e825ac58a Mon Sep 17 00:00:00 2001
From: Ondrej Oprala <ooprala at redhat.com>
Date: Wed, 13 May 2015 10:53:55 +0200
Subject: sort - fix buffer overflow in some case conversions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- patch by Pádraig Brady
diff --git a/coreutils-i18n.patch b/coreutils-i18n.patch
index e7005cf..948b555 100644
--- a/coreutils-i18n.patch
+++ b/coreutils-i18n.patch
@@ -3245,8 +3245,8 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
+
+ if (ignore || translate)
+ {
-+ char *copy_a = (char *) xmalloc (lena + 1 + lenb + 1);
-+ char *copy_b = copy_a + lena + 1;
++ char *copy_a = (char *) xmalloc ((lena + lenb) * MB_CUR_MAX + 2);
++ char *copy_b = copy_a + lena * MB_CUR_MAX + 1;
+ size_t new_len_a, new_len_b;
+ size_t i, j;
+
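Review bot: The new size expression `(lena + lenb) * MB_CUR_MAX + 2` reaches xmalloc without an overflow check, so a wrapped product would again give a buffer smaller than what the conversion writes. Whether lena and lenb can get that large is not visible in this hunk. A guard ahead of the allocation, such as `if (lena + lenb > (SIZE_MAX - 2) / MB_CUR_MAX) xalloc_die ();`, would make the bound explicit. MB_CUR_MAX is also evaluated twice and the two expressions must stay in step, so I would read it once into `size_t mb_max = MB_CUR_MAX;` and add a comment like `/* Case conversion can change a character's byte length: reserve MB_CUR_MAX bytes per input byte, plus one NUL per copy. */`. The `if (ignore || translate)` block starts and ends outside the hunk, so the writes into copy_a and copy_b cannot be checked against the new size from here.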
@@ -3452,6 +3452,39 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
}
break;
+diff -urNp coreutils-8.23-orig/tests/i18n/sort.sh coreutils-8.23/tests/i18n/sort.sh
+--- coreutils-8.23-orig/tests/i18n/sort.sh 1970-01-01 01:00:00.000000000 +0100
++++ coreutils-8.23/tests/i18n/sort.sh 2014-07-22 13:45:52.733652016 +0200
+@@ -0,0 +1,29 @@
++#!/bin/sh
++# Verify sort's multi-byte support.
++
++. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
++print_ver_ sort
++
++export LC_ALL=en_US.UTF-8
++locale -k LC_CTYPE | grep -q "charmap.*UTF-8" \
++ || skip_ "No UTF-8 locale available"
++
++# Enable heap consistency checkng on older systems
++export MALLOC_CHECK_=2
++
++
++# check buffer overflow issue due to
++# expanding multi-byte representation due to case conversion
++# https://bugzilla.suse.com/show_bug.cgi?id=928749
++cat <<EOF > exp
++.
++ɑ
++EOF
++cat <<EOF | sort -f > out || fail=1
++.
++ɑ
++EOF
++compare exp out || { fail=1; cat out; }
++
++
++Exit $fail
diff -urNp coreutils-8.23-orig/src/unexpand.c coreutils-8.23/src/unexpand.c
--- coreutils-8.23-orig/src/unexpand.c 2014-07-11 13:00:07.000000000 +0200
+++ coreutils-8.23/src/unexpand.c 2014-07-22 13:45:52.721651968 +0200
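Review bot: The new tests/i18n/sort.sh detects the overflow only through `export MALLOC_CHECK_=2`, which is a glibc facility. With another allocator, or where that variable has no effect, `compare exp out` may pass against an unfixed binary, because the output can still come out in the right order. I would say so in the comment and fix the typo at the same time: `# Enable heap consistency checking (glibc MALLOC_CHECK_); without it the overflow may go undetected`. A short comment on the input would also help, e.g. `# U+0251 is 2 bytes in UTF-8 and its uppercase form is 3 bytes, so -f grows the key`; that is my reading of the linked bug and should be confirmed. Only `sort -f` with a single expanding character is exercised, so a second case with several such characters in one key would better cover the worst-case sizing.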
@@ -4099,11 +4132,12 @@ diff -urNp coreutils-8.23-orig/src/uniq.c coreutils-8.23/src/uniq.c
diff -urNp coreutils-8.23-orig/tests/local.mk coreutils-8.23/tests/local.mk
--- coreutils-8.23-orig/tests/local.mk 2014-07-22 13:45:10.494422571 +0200
+++ coreutils-8.23/tests/local.mk 2014-07-22 13:45:52.726651988 +0200
-@@ -331,6 +331,7 @@ all_tests = \
+@@ -331,6 +331,8 @@ all_tests = \
tests/misc/sort-discrim.sh \
tests/misc/sort-files0-from.pl \
tests/misc/sort-float.sh \
+ tests/misc/sort-mb-tests.sh \
++ tests/i18n/sort.sh \
tests/misc/sort-merge.pl \
tests/misc/sort-merge-fdlimit.sh \
tests/misc/sort-month.sh \
diff --git a/coreutils.spec b/coreutils.spec
index b482fa2..94cd5e3 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
Summary: A set of basic GNU tools commonly used in shell scripts
Name: coreutils
Version: 8.23
-Release: 9%{?dist}
+Release: 10%{?dist}
License: GPLv3+
Group: System Environment/Base
Url: http://www.gnu.org/software/coreutils/
@@ -373,6 +373,10 @@ fi
%{_sbindir}/chroot
%changelog
+* Wed May 13 2015 Ondrej Oprala <ooprala at redhat.com - 8.23-10
+- sort - fix buffer overflow in some case conversions
+ - patch by Pádraig Brady
+
* Mon Apr 20 2015 Pádraig Brady <pbrady at redhat.com> - 8.23-9
- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642)
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/coreutils.git/commit/?h=f22&id=8d61fd496c22d7c0cca29cb1ef28c53e825ac58a