Hello community,
here is the log from the commit of package editorconfig-core-c for
openSUSE:Factory checked in at 2020-09-01 20:03:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/editorconfig-core-c (Old)
and /work/SRC/openSUSE:Factory/.editorconfig-core-c.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "editorconfig-core-c"
Tue Sep 1 20:03:56 2020 rev:7 rq:830690 version:0.12.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/editorconfig-core-c/editorconfig-core-c.changes
2018-12-10 12:27:10.546596661 +0100
+++
/work/SRC/openSUSE:Factory/.editorconfig-core-c.new.3399/editorconfig-core-c.changes
2020-09-01 20:05:02.868527298 +0200
@@ -1,0 +2,6 @@
+Fri Aug 28 05:48:06 UTC 2020 - Fabian Vogt <fv...@suse.com>
+
+- Add patch to fix crash when parsing certain files (boo#1175824):
+ * 0001-fix-prevent-buffer-overflow-74.patch
+
+-------------------------------------------------------------------
New:
----
0001-fix-prevent-buffer-overflow-74.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ editorconfig-core-c.spec ++++++
--- /var/tmp/diff_new_pack.LSNcm8/_old 2020-09-01 20:05:05.268528421 +0200
+++ /var/tmp/diff_new_pack.LSNcm8/_new 2020-09-01 20:05:05.272528422 +0200
@@ -27,6 +27,8 @@
Source99: baselibs.conf
Patch0: editorconfig-core-c-0.12.1-install_paths.patch
Patch1: editorconfig-core-c-0.12.1-no_timestamp.patch
+# PATCH-FIX-UPSTREAM
+Patch2: 0001-fix-prevent-buffer-overflow-74.patch
BuildRequires: cmake >= 2.8.12
BuildRequires: doxygen
BuildRequires: pkgconfig
@@ -82,9 +84,7 @@
This package contains files for developing and building with %{name}
%prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
+%autosetup -p1
%build
%cmake \
++++++ 0001-fix-prevent-buffer-overflow-74.patch ++++++
>From 4b8fbeb9296b3d2eb14d6c3789bd02a7ff963be7 Mon Sep 17 00:00:00 2001
From: Yoan Blanc <y...@dosimple.ch>
Date: Thu, 27 Aug 2020 19:37:25 +0200
Subject: [PATCH] fix: prevent buffer overflow (#74)
Closes #73
Signed-off-by: Yoan Blanc <y...@dosimple.ch>
---
src/lib/editorconfig.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib/editorconfig.c b/src/lib/editorconfig.c
index 977819f..e5262ca 100644
--- a/src/lib/editorconfig.c
+++ b/src/lib/editorconfig.c
@@ -138,7 +138,7 @@ static int array_editorconfig_name_value_add(
int name_value_pos;
/* always use name_lwr but not name, since property names are case
* insensitive */
- char name_lwr[MAX_PROPERTY_NAME];
+ char name_lwr[MAX_PROPERTY_NAME+1] = {0};
/* For the first time we came here, aenv->name_values is NULL */
if (aenv->name_values == NULL) {
aenv->name_values = (editorconfig_name_value*)malloc(
@@ -153,7 +153,7 @@ static int array_editorconfig_name_value_add(
/* name_lwr is the lowercase property name */
- strlwr(strcpy(name_lwr, name));
+ strlwr(strncpy(name_lwr, name, MAX_PROPERTY_NAME));
name_value_pos = find_name_value_from_name(
aenv->name_values, aenv->current_value_count, name_lwr);
--
2.25.1
