codeblock pushed to chicken (el6). "rhbz#1181483 (..more)"

notifications at fedoraproject.org notifications at fedoraproject.org
Tue Jun 16 02:44:46 UTC 2015


From 24cfce72963be83de7a81da6b95a6103c0849fc3 Mon Sep 17 00:00:00 2001
From: Ricky Elrod <ricky at elrod.me>
Date: Tue, 13 Jan 2015 05:10:45 -0500
Subject: rhbz#1181483

Signed-off-by: Ricky Elrod <ricky at elrod.me>

diff --git a/chicken-4.9.0.1-2.el6.src.rpm b/chicken-4.9.0.1-2.el6.src.rpm
new file mode 100644
index 0000000..cfb50da
Binary files /dev/null and b/chicken-4.9.0.1-2.el6.src.rpm differ
diff --git a/chicken.spec b/chicken.spec
index 5324a53..5440e86 100644
--- a/chicken.spec
+++ b/chicken.spec
@@ -2,7 +2,7 @@
 
 Name:           chicken
 Version:        4.9.0.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A practical and portable Scheme system
 
 Group:          Development/Languages
@@ -27,6 +27,8 @@ BuildRequires:  hostname
 BuildRequires:  chicken
 %endif
 
+Patch1: rhbz-1181483.patch
+
 %package libs
 Summary:        Chicken Scheme runtime library
 
@@ -42,6 +44,7 @@ Scheme language standard, and includes many enhancements and extensions.
 %prep
 %setup -q -n %{name}-%{version}
 %patch0 -p1
+%patch1 -p1
 
 %build
 %if %{bootstrap} == 0
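Review bot: `%patch1 -p1` here and the `Patch1:` tag in the previous hunk are added without a comment saying where the patch comes from. For a backported memory-safety fix, recording the origin next to the tag helps later audits and rebases, e.g. `# rhbz#1181483: upstream commit 230eed2745ea, "Fix buffer overrun in substring-index[-ci]"` above `Patch1: rhbz-1181483.patch`. The changelog entry calls this a work-around while the patch subject calls it a fix; one term would avoid doubt about whether the overrun is fully closed.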
@@ -116,7 +119,11 @@ chrpath --delete %{buildroot}/%{_bindir}/*
 %{_libdir}/libchicken.so*
 
 %changelog
-* Thu Aug 07 2014 Ricky Elrod <relrod at redhat.com> - 4.9.0.1-4
+* Tue Jan 13 2015 Ricky Elrod <relrod at redhat.com> - 4.9.0.1-2
+- Apply patch to work around buffer overrun:
+  https://bugzilla.redhat.com/show_bug.cgi?id=1181483
+
+* Thu Aug 07 2014 Ricky Elrod <relrod at redhat.com> - 4.9.0.1-1
 - Latest upstream release.
 
 * Sat Jun 07 2014 Ricky Elrod <relrod at redhat.com> - 4.9.0-4
diff --git a/rhbz-1181483.patch b/rhbz-1181483.patch
new file mode 100644
index 0000000..28a081c
--- /dev/null
+++ b/rhbz-1181483.patch
@@ -0,0 +1,80 @@
+From 230eed2745ea2b57de3c9073e8596892b1da2d8c Mon Sep 17 00:00:00 2001
+From: Moritz Heidkamp <address at hidden>
+Date: Sun, 14 Dec 2014 23:33:52 +0100
+Subject: [PATCH] Fix buffer overrun in substring-index[-ci]
+
+When passing a start index greater than 0, substring-index[-ci] would
+scan past the end of the subject string, leading to bogus results in
+case the substring is accidentally run into beyond the end of the
+subject. This patch fixes the issue and also adds a range check for the
+start index.
+---
+ data-structures.scm             | 22 ++++++++++++++--------
+ tests/data-structures-tests.scm | 11 ++++++++++-
+ 2 files changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/data-structures.scm b/data-structures.scm
+index a94c163..511a3c1 100644
+--- a/data-structures.scm
++++ b/data-structures.scm
+@@ -307,15 +307,21 @@
+   (define (traverse which where start test loc)
+     (##sys#check-string which loc)
+     (##sys#check-string where loc)
+-    (let ([wherelen (##sys#size where)]
+-	  [whichlen (##sys#size which)] )
++    (let* ((wherelen (##sys#size where))
++	   (whichlen (##sys#size which))
++	   (end (fx- wherelen whichlen)))
+       (##sys#check-exact start loc)
+-      (let loop ([istart start] [iend whichlen])
+-	(cond [(fx> iend wherelen) #f]
+-	      [(test istart whichlen) istart]
+-	      [else 
+-	       (loop (fx+ istart 1)
+-		     (fx+ iend 1) ) ] ) ) ) )
++      (if (and (fx>= start 0)
++	       (fx> wherelen start))
++	  (let loop ((istart start))
++	    (cond ((fx> istart end) #f)
++		  ((test istart whichlen) istart)
++		  (else (loop (fx+ istart 1)))))
++	  (##sys#error-hook (foreign-value "C_OUT_OF_RANGE_ERROR" int)
++			    loc
++			    start
++			    wherelen))))
++
+   (set! ##sys#substring-index 
+     (lambda (which where start)
+       (traverse 
+diff --git a/tests/data-structures-tests.scm b/tests/data-structures-tests.scm
+index 51c25a9..34ccb2f 100644
+--- a/tests/data-structures-tests.scm
++++ b/tests/data-structures-tests.scm
+@@ -1,6 +1,6 @@
+ ;;;; data-structures-tests.scm
+ 
+-(use data-structures)
++(use data-structures lolevel)
+ 
+ (define-syntax assert-error
+   (syntax-rules ()
+@@ -57,6 +57,15 @@
+ (assert (< 0 (string-compare3-ci "foo\x00b" "foo\x00a")))
+ (assert (< 0 (string-compare3-ci "foo\x00b" "foo\x00A")))
+ 
++
++;; This used to fail because substring-index and co. used to search
++;; beyond the end of the subject string when a start index > 0 was
++;; provided. We use object-evict to ensure that the strings are placed
++;; in adjacent memory ranges so we can detect this error.
++(let* ((foo (object-evict (make-string 32 #\x)))
++       (bar (object-evict "y")))
++  (assert (not (substring-index "y" foo 30))))
++
+ ;; topological-sort
+ 
+ (assert (equal? '() (topological-sort '() eq?)))
+-- 
+2.1.3
+
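Review bot: The new range check `(fx> wherelen start)` in `traverse` also rejects a `start` equal to the subject length, so a search in an empty subject string with start 0 now raises the out-of-range error where the old loop returned a result. If that change is not intended, `(fx>= wherelen start)` would keep the check. It looks safe because the `(fx> istart end)` guard still limits every comparison to `istart + whichlen <= wherelen`, but `test` is defined outside this hunk and should be confirmed. The added regression test covers only the overrun, and it relies on `object-evict` placing the two strings in adjacent memory. The new error path has no test; the file's existing `assert-error` macro could cover it, e.g. `(assert-error (substring-index "y" "xxx" -1))`.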
-- 
cgit v0.10.2


From 1f1ea84897a3438ee0b2096e24ec23408670648e Mon Sep 17 00:00:00 2001
From: Ricky Elrod <ricky at elrod.me>
Date: Tue, 13 Jan 2015 05:12:20 -0500
Subject: Accidentally committed the .src.rpm... sigh.

Signed-off-by: Ricky Elrod <ricky at elrod.me>

diff --git a/chicken-4.9.0.1-2.el6.src.rpm b/chicken-4.9.0.1-2.el6.src.rpm
deleted file mode 100644
index cfb50da..0000000
Binary files a/chicken-4.9.0.1-2.el6.src.rpm and /dev/null differ
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/chicken.git/commit/?h=el6&id=886ab750e45a4cdcbfa0fca41e70c7fad9f9f0f4

