commit:     a4b6e63441547f20982d672cf3d5a381fb04ec75
Author:     Holger Hoffstätte <holger <AT> applied-asynchrony <DOT> com>
AuthorDate: Fri Mar  7 18:12:50 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 27 12:04:41 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4b6e634

dev-debug/sysdig: fix buffer overrun reading sockets from procfs

Signed-off-by: Holger Hoffstätte <holger <AT> applied-asynchrony.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...uffer-overrun-reading-sockets-from-procfs.patch | 36 ++++++++++++++++++++++
 dev-debug/sysdig/sysdig-0.40.1.ebuild              |  5 +++
 2 files changed, 41 insertions(+)

diff --git 
a/dev-debug/sysdig/files/libs-0.20-fix-buffer-overrun-reading-sockets-from-procfs.patch
 
b/dev-debug/sysdig/files/libs-0.20-fix-buffer-overrun-reading-sockets-from-procfs.patch
new file mode 100644
index 000000000000..9741fad48e2a
--- /dev/null
+++ 
b/dev-debug/sysdig/files/libs-0.20-fix-buffer-overrun-reading-sockets-from-procfs.patch
@@ -0,0 +1,36 @@
+
+Patch from:
+https://github.com/falcosecurity/libs/commit/de3f4cac9233682eae63c63377c82efb649679f5
+
+From de3f4cac9233682eae63c63377c82efb649679f5 Mon Sep 17 00:00:00 2001
+From: Shane Lawrence <[email protected]>
+Date: Thu, 20 Feb 2025 14:55:41 +0000
+Subject: [PATCH] Fix buffer overrun reading sockets from procfs.
+
+Signed-off-by: Shane Lawrence <[email protected]>
+---
+ userspace/libscap/linux/scap_fds.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/userspace/libscap/linux/scap_fds.c 
b/userspace/libscap/linux/scap_fds.c
+index f98ac3f32f..73e99ca428 100644
+--- a/userspace/libscap/linux/scap_fds.c
++++ b/userspace/libscap/linux/scap_fds.c
+@@ -766,7 +766,7 @@ int32_t scap_fd_read_ipv4_sockets_from_proc_fs(const char 
*dir,
+                                       break;
+                               }
+ 
+-                              while(*scan_pos == ' ' && scan_pos < scan_end) {
++                              while(scan_pos < scan_end && *scan_pos == ' ') {
+                                       scan_pos++;
+                               }
+ 
+@@ -974,7 +974,7 @@ int32_t scap_fd_read_ipv6_sockets_from_proc_fs(char *dir,
+                                       break;
+                               }
+ 
+-                              while(*scan_pos == ' ' && scan_pos < scan_end) {
++                              while(scan_pos < scan_end && *scan_pos == ' ') {
+                                       scan_pos++;
+                               }
+ 

diff --git a/dev-debug/sysdig/sysdig-0.40.1.ebuild 
b/dev-debug/sysdig/sysdig-0.40.1.ebuild
index 5d37a6719dac..886c0561ccdc 100644
--- a/dev-debug/sysdig/sysdig-0.40.1.ebuild
+++ b/dev-debug/sysdig/sysdig-0.40.1.ebuild
@@ -75,6 +75,11 @@ pkg_pretend() {
 }
 
 src_prepare() {
+       # manually apply patches to falcosecurity-libs
+       pushd "${WORKDIR}/libs-${LIBS_VERSION}"
+               eapply 
"${FILESDIR}/libs-0.20-fix-buffer-overrun-reading-sockets-from-procfs.patch" || 
die
+       popd
+
        # do not build with debugging info
        sed -i -e 's/-ggdb//g' CMakeLists.txt 
"${WORKDIR}"/libs-${LIBS_VERSION}/cmake/modules/CompilerFlags.cmake || die
 
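Review bot: The `pushd` and `popd` added at the top of src_prepare are unchecked and print the directory stack into the build log; the usual ebuild form is `pushd "${WORKDIR}/libs-${LIBS_VERSION}" >/dev/null || die` and `popd >/dev/null || die`. If the libs directory is ever missing, for instance after a LIBS_VERSION bump changes the unpacked name, `eapply` would run from the wrong directory and the failure would point at the patch instead of the missing directory. Since this patch carries a memory-safety fix, a failure to enter the directory should stop the build with a message that names the real cause. The `|| die` after `eapply` is redundant, because eapply already aborts when a patch fails to apply. The body of src_prepare continues outside the hunk.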
