Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package minicom minicom 2.8-2 addresses a smashed stack in testing, see bug #989735. The upstream author provided four patches to address this issue. I put these patches into debian/patches, nothing else has been changed. The fix has been confirmed in #989735#55 by the bug's submitter. debdiff attached unblock minicom/2.8-2
diff -Nru minicom-2.8/debian/changelog minicom-2.8/debian/changelog
--- minicom-2.8/debian/changelog 2021-01-03 13:27:18.000000000 +0100
+++ minicom-2.8/debian/changelog 2021-06-15 05:20:21.000000000 +0200
@@ -1,3 +1,10 @@
+minicom (2.8-2) unstable; urgency=medium
+
+ * Fixed history buffer allocation, applied upstream 2021-06-13 patches,
+ thanks to Mike Crowe and Adam Lackorzynski, closes: #989735.
+
+ -- Martin A. Godisch <godi...@debian.org> Tue, 15 Jun 2021 05:20:21 +0200
+
minicom (2.8-1) unstable; urgency=low
* New upstream release.
diff -Nru minicom-2.8/debian/patches/b6043854f1e762801347ed4bf4d368b49ad99217.diff minicom-2.8/debian/patches/b6043854f1e762801347ed4bf4d368b49ad99217.diff
--- minicom-2.8/debian/patches/b6043854f1e762801347ed4bf4d368b49ad99217.diff 1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.8/debian/patches/b6043854f1e762801347ed4bf4d368b49ad99217.diff 2021-06-15 05:07:38.000000000 +0200
@@ -0,0 +1,39 @@
+diff --git a/src/minicom.c b/src/minicom.c
+index 2719f8cce5a3edf42b34918a870299004d813d21..06dd7be5840dc2fca733a6d0c995e52f814ca568 100644
+--- a/src/minicom.c
++++ b/src/minicom.c
+@@ -173,7 +173,6 @@ static void shjump(int sig)
+ static ELM *mc_getline(WIN *w, int no)
+ {
+ int i;
+- static ELM outofrange[MAXCOLS] = {{0,0,0}};
+
+ if (no < us->histlines) {
+ /* Get a line from the history buffer. */
+@@ -188,13 +187,20 @@ static ELM *mc_getline(WIN *w, int no)
+ /* Get a line from the "us" window. */
+ no -= us->histlines;
+ if (no >= w->ys) {
+- if (outofrange[0].value == 0) {
+- for (i = 0; i < MAXCOLS; i++) {
+- outofrange[i].value = ' ';
+- outofrange[i].color = us->color;
+- outofrange[i].attr = us->attr;
++ static int alloced_columns;
++ static ELM *outofrange;
++ int cols = w->x2 + 1;
++ if (cols > alloced_columns) {
++ free(outofrange);
++ outofrange = malloc(sizeof(*outofrange) * cols);
++ assert(outofrange);
++ alloced_columns = cols;
++
++ for (i = 0; i < cols; i++) {
++ outofrange[i].value = i == 0 ? '~' : ' ';
++ outofrange[i].color = us->color;
++ outofrange[i].attr = us->attr;
+ }
+- outofrange[0].value = '~';
+ }
+ return outofrange;
+ }
diff -Nru minicom-2.8/debian/patches/b7727586547b4a24939bef4176b8a0d5ad91d62d.diff minicom-2.8/debian/patches/b7727586547b4a24939bef4176b8a0d5ad91d62d.diff
--- minicom-2.8/debian/patches/b7727586547b4a24939bef4176b8a0d5ad91d62d.diff 1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.8/debian/patches/b7727586547b4a24939bef4176b8a0d5ad91d62d.diff 2021-06-15 04:58:44.000000000 +0200
@@ -0,0 +1,17 @@
+diff --git a/src/minicom.h b/src/minicom.h
+index ebc1dec6f06082c59059766fc89c19726e91aef1..cd75ec46ffaf6a0bd8564c15f1edeea55460a5b3 100644
+--- a/src/minicom.h
++++ b/src/minicom.h
+@@ -47,12 +47,6 @@
+ #include <arpa/inet.h>
+ #endif
+
+-/*
+- * kub...@debian.or.jp 08/08/98
+- * COLS must be equal to or less than MAXCOLS.
+- */
+-#define MAXCOLS 256
+-
+ #define XA_OK_EXIST 1
+ #define XA_OK_NOTEXIST 2
+
diff -Nru minicom-2.8/debian/patches/d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff minicom-2.8/debian/patches/d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff
--- minicom-2.8/debian/patches/d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff 1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.8/debian/patches/d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff 2021-06-15 05:08:25.000000000 +0200
@@ -0,0 +1,22 @@
+diff --git a/src/minicom.c b/src/minicom.c
+index 06dd7be5840dc2fca733a6d0c995e52f814ca568..f6c84c85427a04d739fdd3edbfcf0260835d4729 100644
+--- a/src/minicom.c
++++ b/src/minicom.c
+@@ -377,12 +377,13 @@ const wchar_t *upcase(wchar_t *dest, wchar_t *src)
+ */
+ wchar_t *StrStr(wchar_t *str1, wchar_t *str2, int case_matters)
+ {
+- wchar_t tmpstr1[MAXCOLS], tmpstr2[MAXCOLS];
+-
+ if (case_matters)
+ return wcsstr(str1, str2);
+- else
+- return wcsstr(upcase(tmpstr1, str1), upcase(tmpstr2, str2));
++
++ size_t len1 = wcslen(str1) + 1;
++ size_t len2 = wcslen(str2) + 1;
++ wchar_t tmpstr1[len1], tmpstr2[len2];
++ return wcsstr(upcase(tmpstr1, str1), upcase(tmpstr2, str2));
+ }
+
+ static void drawcite(WIN *w, int y, int citey, int start, int end)
diff -Nru minicom-2.8/debian/patches/f118eb9efe89672e5c2a75b34960813db493b2ed.diff minicom-2.8/debian/patches/f118eb9efe89672e5c2a75b34960813db493b2ed.diff
--- minicom-2.8/debian/patches/f118eb9efe89672e5c2a75b34960813db493b2ed.diff 1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.8/debian/patches/f118eb9efe89672e5c2a75b34960813db493b2ed.diff 2021-06-15 05:11:21.000000000 +0200
@@ -0,0 +1,182 @@
+diff --git a/src/minicom.c b/src/minicom.c
+index 9b166dc13ebed70122bb3cbfa783e924af4e8e3c..2719f8cce5a3edf42b34918a870299004d813d21 100644
+--- a/src/minicom.c
++++ b/src/minicom.c
+@@ -231,15 +231,15 @@ void drawhist_look(WIN *w, int y, int r, wchar_t *look, int case_matters)
+ {
+ int f;
+ ELM *tmp_e;
+- wchar_t tmp_line[MAXCOLS];
+
+- tmp_line[0]='\0';
+ w->direct = 0;
+ for (f = 0; f < w->ys; f++) {
+ tmp_e = mc_getline(w, y++);
+
++ wchar_t *tmp_line;
++
+ /* First we "accumulate" the line into a variable */
+- mc_wdrawelm_var(w, tmp_e, tmp_line);
++ mc_wdrawelm_var(w, tmp_e, &tmp_line);
+
+ /* Does it have what we want? */
+ if (wcslen(look) > 1 && wcslen(tmp_line) > 1) {
+@@ -248,6 +248,8 @@ void drawhist_look(WIN *w, int y, int r, wchar_t *look, int case_matters)
+ else
+ mc_wdrawelm(w, f, tmp_e); /* 'normal' output */
+ }
++
++ free(tmp_line);
+ }
+
+ if (r)
+@@ -315,14 +317,11 @@ int find_next(WIN *w, WIN *w_hist,
+ {
+ int next_line;
+ ELM *tmp_e;
+- wchar_t tmp_line[MAXCOLS];
+ int all_lines;
+
+ if (!look)
+ return(++hit_line); /* next line */
+
+- tmp_line[0] = '\0'; /* Personal phobia, I need to do this.. */
+-
+ hit_line++; /* we NEED this so we don't search only same line! */
+ all_lines = w->histlines + w_hist->ys;
+
+@@ -335,16 +334,23 @@ int find_next(WIN *w, WIN *w_hist,
+ /* we do 'something' here... :-) */
+ tmp_e = mc_getline(w_hist, next_line);
+
++ wchar_t *tmp_line;
++
+ /*
+ * First we "accumulate" the line into a variable.
+ * To see 'why', see what an 'ELM' structure looks like!
+ */
+- mc_wdrawelm_var(w, tmp_e, tmp_line);
++ mc_wdrawelm_var(w, tmp_e, &tmp_line);
+
+ /* Does it have what we want? */
+ if (wcslen(tmp_line) > 1 && wcslen(look) > 1)
+ if (StrStr(tmp_line, look, case_matters))
+- return next_line;
++ {
++ free(tmp_line);
++ return next_line;
++ }
++
++ free(tmp_line);
+ }
+
+ if (hit_line >= all_lines) { /* Make sure we've got a valid line! */
+@@ -403,7 +409,6 @@ static void drawcite_whole(WIN *w, int y, int start, int end)
+
+ static void do_cite(WIN *w, int start, int end)
+ {
+- wchar_t tmp_line[MAXCOLS];
+ ELM *tmp_e;
+ int x, y;
+
+@@ -411,7 +416,8 @@ static void do_cite(WIN *w, int start, int end)
+ vt_send('>');
+ vt_send(' ');
+ tmp_e = mc_getline(w, y);
+- mc_wdrawelm_var(w, tmp_e, tmp_line);
++ wchar_t *tmp_line;
++ mc_wdrawelm_var(w, tmp_e, &tmp_line);
+ tmp_line[w->xs] = 0;
+ for (x = w->xs-1; x >= 0; x--) {
+ if (tmp_line[x] <= ' ')
+@@ -428,6 +434,7 @@ static void do_cite(WIN *w, int start, int end)
+ vt_send(buf[i]);
+ }
+ vt_send(13);
++ free(tmp_line);
+ }
+ }
+
+@@ -439,7 +446,6 @@ static void scrollback(void)
+ ELM *tmp_e;
+ int case_matters=0; /* fmg: case-importance, needed for 'N' */
+ static wchar_t look_for[MAX_SEARCH]; /* fmg: last used search pattern */
+- wchar_t tmp_line[MAXCOLS];
+ int citemode = 0;
+ int cite_ystart = 1000000,
+ cite_yend = -1,
+@@ -614,9 +620,11 @@ static void scrollback(void)
+ tmp_e = mc_getline(b_us, y);
+ if (wcslen(look_for) > 1) {
+ /* quick scan for pattern match */
+- mc_wdrawelm_var(b_us, tmp_e, tmp_line);
++ wchar_t *tmp_line;
++ mc_wdrawelm_var(b_us, tmp_e, &tmp_line);
+ inverse = (wcslen(tmp_line)>1 &&
+ StrStr(tmp_line, look_for, case_matters));
++ free(tmp_line);
+ } else
+ inverse = 0;
+ }
+@@ -662,9 +670,11 @@ static void scrollback(void)
+ tmp_e = mc_getline(b_us, y + b_us->ys - 1);
+ if (wcslen(look_for) > 1) {
+ /* quick scan for pattern match */
+- mc_wdrawelm_var(b_us, tmp_e, tmp_line);
++ wchar_t *tmp_line;
++ mc_wdrawelm_var(b_us, tmp_e, &tmp_line);
+ inverse = (wcslen(tmp_line)>1 &&
+ StrStr(tmp_line, look_for, case_matters));
++ free(tmp_line);
+ } else
+ inverse = 0;
+ }
+diff --git a/src/window.c b/src/window.c
+index 75f4c001818bef429d1b966a68713d8e437814f5..08b0c888451a4880d7a01e092d431560a9d20662 100644
+--- a/src/window.c
++++ b/src/window.c
+@@ -25,6 +25,7 @@
+ #include <limits.h>
+ #include <stdarg.h>
+ #include <wchar.h>
++#include <assert.h>
+
+ #include "port.h"
+ #include "minicom.h"
+@@ -1046,15 +1047,16 @@ void mc_wdrawelm(WIN *w, int y, ELM *e)
+ * 'accumulate' one line of ELM's into a string
+ * WHY: need this in search function to see if line contains search pattern
+ */
+-void mc_wdrawelm_var(WIN *w, ELM *e, wchar_t *buf)
++void mc_wdrawelm_var(WIN *w, ELM *e, wchar_t **buf)
+ {
+- int x, c = 0;
++ int sz = w->x2 - w->x1 + 2;
++ *buf = malloc(sizeof(**buf) * sz);
++ assert(*buf);
+
+- /* MARK updated 02/17/94 - Fixes bug, to do all 80 cols, not 79 cols */
+- for (x = w->x1; x <= w->x2; x++) {
+- buf[c++] = e->value;
+- e++;
+- }
++ (*buf)[sz - 1] = 0;
++
++ for (int c = 0; c < sz - 1; c++, e++)
++ (*buf)[c] = e->value;
+ }
+
+ /*
+diff --git a/src/window.h b/src/window.h
+index 1b8eb12a77f4e96ec80193175ebcfeb8a1192616..0f7eeaea55a3c15bccc2e5a0abb4374ab6834e65 100644
+--- a/src/window.h
++++ b/src/window.h
+@@ -186,7 +186,7 @@ int win_init(int fg, int bg, int attr);
+ #endif
+ /* fmg 8/20/97: both needed by history search section */
+ void mc_wdrawelm_inverse( WIN *w, int y, ELM *e);
+-void mc_wdrawelm_var(WIN *w, ELM *e, wchar_t *buf);
++void mc_wdrawelm_var(WIN *w, ELM *e, wchar_t **buf);
+ void mc_clear_window_simple(WIN *w);
+
+ /*
diff -Nru minicom-2.8/debian/patches/series minicom-2.8/debian/patches/series
--- minicom-2.8/debian/patches/series 2021-01-03 13:27:01.000000000 +0100
+++ minicom-2.8/debian/patches/series 2021-06-15 05:03:49.000000000 +0200
@@ -1,3 +1,7 @@
01manual.diff
03norzsz.diff
04reproducible.diff
+f118eb9efe89672e5c2a75b34960813db493b2ed.diff
+b6043854f1e762801347ed4bf4d368b49ad99217.diff
+d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff
+b7727586547b4a24939bef4176b8a0d5ad91d62d.diff
signature.asc
Description: PGP signature
