From: Jakub Bogusz Date: Sat, 8 Dec 2018 10:14:43 +0000 (+0100) Subject: - added alias-argc patch: don't require sentinel in alias argv (argc should be enough) X-Git-Tag: auto/th/popt-1.17-3 X-Git-Url: http://git.pld-linux.org/?p=packages%2Fpopt.git;a=commitdiff_plain;h=e130537 - added alias-argc patch: don't require sentinel in alias argv (argc should be enough) fixes invalid read and probable invalid free - release 3 ==5349== Invalid read of size 4 ==5349== at 0x40DAAF2: poptFreeItems (popt.c:1777) ==5349== by 0x40DABAD: poptFreeContext (popt.c:1794) ==5349== by 0x80719D5: parse_arguments (options.c:1406) ==5349== by 0x806938B: main (main.c:1574) ==5349== Address 0x44c9f0c is 0 bytes after a block of size 4 alloc'd ==5349== at 0x40335F6: malloc (vg_replace_malloc.c:299) ==5349== by 0x8065D8B: _new_array (util2.c:68) ==5349== by 0x80714C0: popt_unalias (options.c:1313) ==5349== by 0x8071649: parse_arguments (options.c:1360) ==5349== by 0x806938B: main (main.c:1574) --- diff --git a/popt-alias-argc.patch b/popt-alias-argc.patch new file mode 100644 index 0000000..3b3c53b --- /dev/null +++ b/popt-alias-argc.patch @@ -0,0 +1,11 @@ +--- popt-1.17/popt.c.orig 2014-08-09 22:13:11.000000000 +0200 ++++ popt-1.17/popt.c 2018-12-08 09:41:33.241167491 +0100 +@@ -1774,7 +1774,7 @@ + item->option.argDescrip = _free(item->option.argDescrip); + /*@=modobserver =observertrans =dependenttrans@*/ + #if !defined(SUPPORT_CONTIGUOUS_ARGV) +- for (i = 0; item->argv[i]; i++) ++ for (i = 0; (i < item->argc) && item->argv[i]; i++) + item->argv[i] = _free(item->argv[i]); + #endif + item->argv = _free(item->argv); diff --git a/popt.spec b/popt.spec index ae869d2..7c8fa9b 100644 --- a/popt.spec +++ b/popt.spec @@ -11,12 +11,13 @@ Summary(tr.UTF-8): Komut satırı parametrelerini ayrıştırımak için C arşi Summary(uk.UTF-8): Бібліотека C для розбору параметрів командної стрічки Name: popt Version: 1.17 -Release: 2 +Release: 3 License: X Consortium (MIT-like) Group: Libraries Source0: http://rpm5.org/files/popt/%{name}-%{version}.tar.gz # Source0-md5: 7f98c657d35981d30dd372da5335c354 Patch0: %{name}-diet.patch +Patch1: %{name}-alias-argc.patch URL: http://rpm5.org/ BuildRequires: autoconf >= 2.57 BuildRequires: automake >= 1.4 @@ -156,6 +157,7 @@ Biblioteka statyczna dietlibc popt. %prep %setup -q %patch0 -p1 +%patch1 -p1 %{__sed} -i -e 's#po/Makefile.in intl/Makefile##g' configure.ac