Hello community,

here is the log from the commit of package editorconfig-core-c for openSUSE:Factory checked in at 2020-09-01 20:03:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/editorconfig-core-c (Old)
 and /work/SRC/openSUSE:Factory/.editorconfig-core-c.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "editorconfig-core-c" Tue Sep 1 20:03:56 2020 rev:7 rq:830690 version:0.12.3 Changes: -------- --- /work/SRC/openSUSE:Factory/editorconfig-core-c/editorconfig-core-c.changes 2018-12-10 12:27:10.546596661 +0100 +++ /work/SRC/openSUSE:Factory/.editorconfig-core-c.new.3399/editorconfig-core-c.changes 2020-09-01 20:05:02.868527298 +0200 @@ -1,0 +2,6 @@ +Fri Aug 28 05:48:06 UTC 2020 - Fabian Vogt <fv...@suse.com> + +- Add patch to fix crash when parsing certain files (boo#1175824): + * 0001-fix-prevent-buffer-overflow-74.patch + +------------------------------------------------------------------- New: ---- 0001-fix-prevent-buffer-overflow-74.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ editorconfig-core-c.spec ++++++ --- /var/tmp/diff_new_pack.LSNcm8/_old 2020-09-01 20:05:05.268528421 +0200 +++ /var/tmp/diff_new_pack.LSNcm8/_new 2020-09-01 20:05:05.272528422 +0200 @@ -27,6 +27,8 @@ Source99: baselibs.conf Patch0: editorconfig-core-c-0.12.1-install_paths.patch Patch1: editorconfig-core-c-0.12.1-no_timestamp.patch +# PATCH-FIX-UPSTREAM +Patch2: 0001-fix-prevent-buffer-overflow-74.patch BuildRequires: cmake >= 2.8.12 BuildRequires: doxygen BuildRequires: pkgconfig @@ -82,9 +84,7 @@ This package contains files for developing and building with %{name} %prep -%setup -q -%patch0 -p1 -%patch1 -p1 +%autosetup -p1 %build %cmake \ ++++++ 0001-fix-prevent-buffer-overflow-74.patch ++++++ >From 4b8fbeb9296b3d2eb14d6c3789bd02a7ff963be7 Mon Sep 17 00:00:00 2001 From: Yoan Blanc <y...@dosimple.ch> Date: Thu, 27 Aug 2020 19:37:25 +0200 Subject: [PATCH] fix: prevent buffer overflow (#74) Closes #73 Signed-off-by: Yoan Blanc <y...@dosimple.ch> --- src/lib/editorconfig.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/editorconfig.c b/src/lib/editorconfig.c index 977819f..e5262ca 100644 --- a/src/lib/editorconfig.c +++ b/src/lib/editorconfig.c 
@@ -138,7 +138,7 @@ static int array_editorconfig_name_value_add( int name_value_pos; /* always use name_lwr but not name, since property names are case * insensitive */ - char name_lwr[MAX_PROPERTY_NAME]; + char name_lwr[MAX_PROPERTY_NAME+1] = {0}; /* For the first time we came here, aenv->name_values is NULL */ if (aenv->name_values == NULL) { aenv->name_values = (editorconfig_name_value*)malloc( @@ -153,7 +153,7 @@ static int array_editorconfig_name_value_add( /* name_lwr is the lowercase property name */ - strlwr(strcpy(name_lwr, name)); + strlwr(strncpy(name_lwr, name, MAX_PROPERTY_NAME)); name_value_pos = find_name_value_from_name( aenv->name_values, aenv->current_value_count, name_lwr); -- 2.25.1
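Review bot: In editorconfig-core-c.spec (hunk @@ -27,6 +27,8), the `# PATCH-FIX-UPSTREAM` comment added above `Patch2:` carries only the tag, so the spec file itself does not say what the patch fixes or which bug it belongs to. Suggest putting the patch name and the bug reference from the .changes entry on that line, for example `# PATCH-FIX-UPSTREAM 0001-fix-prevent-buffer-overflow-74.patch boo#1175824 -- prevent buffer overflow in property name handling`.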
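Review bot: The switch in the `%prep` section of editorconfig-core-c.spec (hunk @@ -82,9 +84,7) from `%setup -q` with explicit `%patch0 -p1` and `%patch1 -p1` to `%autosetup -p1` is not mentioned in the new .changes entry, which lists only the added patch. Add a line for it there: from now on every `Patch` tag is applied automatically with `-p1`, so a later patch that needs a different strip level will fail in `%prep` and the changelog should show when that behaviour started.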
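Review bot: In the first hunk of src/lib/editorconfig.c (@@ -138,7 +138,7), NUL termination of `name_lwr` now depends on three things staying in step: the `+1` in the array size, the `= {0}` initializer, and the `MAX_PROPERTY_NAME` bound passed to `strncpy` in the next hunk, and nothing in the code says so. `strncpy` writes no terminator when `name` is `MAX_PROPERTY_NAME` bytes or longer, so the last array element being left at zero is the only thing that ends the string before `strlwr` walks it. Suggest either a comment on the declaration stating that invariant or an explicit `name_lwr[MAX_PROPERTY_NAME] = '\0';` after the copy, so a later edit to one of the lines cannot silently remove the terminator.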
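Review bot: In the second hunk of src/lib/editorconfig.c (@@ -153,7 +153,7), `strncpy(name_lwr, name, MAX_PROPERTY_NAME)` silently truncates a property name longer than `MAX_PROPERTY_NAME`, and the truncated `name_lwr` is then passed to `find_name_value_from_name`. Two different over-long names that agree, case-insensitively, in their first `MAX_PROPERTY_NAME` characters would therefore match the same entry in that lookup. Consider checking `strlen(name)` against `MAX_PROPERTY_NAME` before the copy and skipping or rejecting an over-long name instead of truncating it, and a test case with an over-long property name would document the chosen behaviour.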