diff options
| author | Ørjan Malde <red@foxi.me> | 2022-05-14 15:21:02 +0200 |
|---|---|---|
| committer | Ørjan Malde <red@foxi.me> | 2022-05-14 15:21:02 +0200 |
| commit | 2a82c3ea79ecdd903ad446f0303896d89fc07a18 (patch) | |
| tree | f0e41b1c4296ff756c595cf7d8593e6a379e2fb2 /patches/fribidi/CVE-2022-25308.patch | |
| parent | 3bee1d05c702c1c4761ce7885edd1980fdb2da47 (diff) | |
| download | midipix_build-2a82c3ea79ecdd903ad446f0303896d89fc07a18.tar.bz2 midipix_build-2a82c3ea79ecdd903ad446f0303896d89fc07a18.tar.xz | |
groups/251.native_packages_lib.group: fribidi: bump to v1.0.12
Signed-off-by: Ørjan Malde <red@foxi.me>
Diffstat (limited to 'patches/fribidi/CVE-2022-25308.patch')
| -rw-r--r-- | patches/fribidi/CVE-2022-25308.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/patches/fribidi/CVE-2022-25308.patch b/patches/fribidi/CVE-2022-25308.patch deleted file mode 100644 index 052bfd79..00000000 --- a/patches/fribidi/CVE-2022-25308.patch +++ /dev/null @@ -1,45 +0,0 @@ -From ad3a19e6372b1e667128ed1ea2f49919884587e1 Mon Sep 17 00:00:00 2001 -From: Akira TAGOH <akira@tagoh.org> -Date: Thu, 17 Feb 2022 17:30:12 +0900 -Subject: [PATCH] Fix the stack buffer overflow issue - -strlen() could returns 0. Without a conditional check for len, -accessing S_ pointer with len - 1 may causes a stack buffer overflow. - -AddressSanitizer reports this like: -==1219243==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdce043c1f at pc 0x000000403547 bp 0x7ffdce0 -43b30 sp 0x7ffdce043b28 -READ of size 1 at 0x7ffdce043c1f thread T0 - #0 0x403546 in main ../bin/fribidi-main.c:393 - #1 0x7f226804e58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f) - #2 0x7f226804e648 in __libc_start_main_impl (/lib64/libc.so.6+0x2d648) - #3 0x4036f4 in _start (/tmp/fribidi/build/bin/fribidi+0x4036f4) - -Address 0x7ffdce043c1f is located in stack of thread T0 at offset 63 in frame - #0 0x4022bf in main ../bin/fribidi-main.c:193 - - This frame has 5 object(s): - [32, 36) 'option_index' (line 233) - [48, 52) 'base' (line 386) - [64, 65064) 'S_' (line 375) <== Memory access at offset 63 underflows this variable - [65328, 130328) 'outstring' (line 385) - [130592, 390592) 'logical' (line 384) - -This fixes https://github.com/fribidi/fribidi/issues/181 ---- - bin/fribidi-main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c -index 3cf9fe1..3ae4fb6 100644 ---- a/bin/fribidi-main.c -+++ b/bin/fribidi-main.c -@@ -390,7 +390,7 @@ FRIBIDI_END_IGNORE_DEPRECATIONS - S_[sizeof (S_) - 1] = 0; - len = strlen (S_); - /* chop */ -- if (S_[len - 1] == '\n') -+ if (len > 0 && S_[len - 1] == '\n') - { - len--; - S_[len] = '\0'; |