RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: [EMAIL PROTECTED] Module: rpm Date: 24-Apr-2008 15:10:37 Branch: rpm-5_0 Handle: 2008042413103502 Modified files: (Branch: rpm-5_0) rpm CHANGES rpm/rpmdb header.c rpm/rpmio rpmsw.c Log: - jbj: header: free tag data on error retrurn with damaged data. - rpm.org: rpmsw: insure that time has passed while calibrating (#435309). - jbj: header: fix: avoid double free with damaged data (#442761). Summary: Revision Changes Path 1.2054.2.59 +3 -0 rpm/CHANGES 1.146.2.2 +6 -1 rpm/rpmdb/header.c 2.14.2.1 +1 -0 rpm/rpmio/rpmsw.c ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/CHANGES ============================================================================ $ cvs diff -u -r1.2054.2.58 -r1.2054.2.59 CHANGES --- rpm/CHANGES 12 Mar 2008 16:49:07 -0000 1.2054.2.58 +++ rpm/CHANGES 24 Apr 2008 13:10:35 -0000 1.2054.2.59 @@ -1,4 +1,7 @@ 5.0.3 -> 5.0.4: + - jbj: header: free tag data on error retrurn with damaged data. + - rpm.org: rpmsw: insure that time has passed while calibrating (#435309). + - jbj: header: fix: avoid double free with damaged data (#442761). - jbj: QNX: retrofit u_int32_t typedef where needed. - jbj: add random arch name feelgood fluffiness (#432496). - jbj: prepare for Fedorable dependency loops (#437041). @@ . patch -p0 <<'@@ .' Index: rpm/rpmdb/header.c ============================================================================ $ cvs diff -u -r1.146.2.1 -r1.146.2.2 header.c --- rpm/rpmdb/header.c 3 Feb 2008 23:47:49 -0000 1.146.2.1 +++ rpm/rpmdb/header.c 24 Apr 2008 13:10:37 -0000 1.146.2.2 @@ -1217,6 +1217,7 @@ entryInfo pe = (entryInfo) (ei + 2); /[EMAIL PROTECTED]@*/ unsigned char * dataStart = (unsigned char *) (pe + ntohl(ei[0])); + unsigned char * dataEnd; uint32_t rdl; uint32_t ril; 
@@ -1243,11 +1244,14 @@ /[EMAIL PROTECTED]@*/ dataStart = (unsigned char *) memcpy(pe + ril, dataStart, rdl); + dataEnd = dataStart + rdl; /[EMAIL PROTECTED]@*/ - rdlen = regionSwab(NULL, ril, 0, pe, dataStart, NULL, 0); + rdlen = regionSwab(NULL, ril, 0, pe, dataStart, dataEnd, 0); /* XXX 1 on success. */ rc = (rdlen == 0) ? 0 : 1; + if (rc == 0) + he->p.ptr = _free(he->p.ptr); } else { count = entry->length; he->p.ptr = (!minMem @@ -2055,6 +2059,7 @@ if (!((rc == 0 && he->freeData == 0 && he->p.ptr == NULL) || (rc == 1 && he->freeData == 1 && he->p.ptr != NULL))) { +if (_hdr_debug) fprintf(stderr, "==> %s(%u) %u %p[%u] free %u rc %d\n", name, (unsigned) he->tag, (unsigned) he->t, he->p.ptr, (unsigned) he->c, he->freeData, rc); } /[EMAIL PROTECTED]@*/ @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmsw.c ============================================================================ $ cvs diff -u -r2.14 -r2.14.2.1 rpmsw.c --- rpm/rpmio/rpmsw.c 15 Nov 2007 17:27:59 -0000 2.14 +++ rpm/rpmio/rpmsw.c 24 Apr 2008 13:10:36 -0000 2.14.2.1 @@ -222,6 +222,7 @@ rpmsw_type = 1; /* Compute cycles/usec */ + if (sum_usecs > 0) /* XXX insure that time has passed. */ rpmsw_cycles = sum_cycles/sum_usecs; #else rpmsw_type = 0; @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org
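Review bot: The new failure branch `if (rc == 0) he->p.ptr = _free(he->p.ptr);` in the @@ -1243 hunk resets only the pointer, while the check in the @@ -2055 hunk of the same file accepts rc == 0 only together with `he->freeData == 0`. Nothing visible here clears `he->freeData` or `he->c`, so if either is assigned before this point a caller could still see a free flag or a non-zero count paired with a NULL pointer; `if (rc == 0) { he->p.ptr = _free(he->p.ptr); he->c = 0; }` plus a matching reset of the flag would keep the entry self-consistent. A one-line comment above the regionSwab() call saying why `dataEnd` now replaces NULL (presumably so offsets taken from a damaged region can be rejected against the end of the copied data) would help the next reader. The enclosing function starts and ends outside the hunk, so where `freeData` and `c` are set cannot be confirmed from here.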
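Review bot: The inconsistent-state branch in the @@ -2055 hunk only prints when `_hdr_debug` is set and then falls through, so a result with `he->freeData == 1` and a NULL pointer, or `he->freeData == 0` and a live pointer, still reaches the caller; those are the combinations that can end in a double free or a leak. Consider treating the mismatch as a failure here, or normalising the entry, instead of a debug-only message; what follows the block is outside the hunk, so the exact recovery is left to the author. In the format call, `he->freeData` is the one integer argument passed to `%u` without a cast and `%p` expects a `void *`; writing `(unsigned) he->freeData` and `(void *) he->p.ptr` would make the call independent of the field types, which are not visible here.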
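Review bot: When `sum_usecs` is 0 the division in the rpmsw.c hunk is skipped, but `rpmsw_type = 1` on the context line above has already been set, so cycle-counter timing stays enabled with whatever value `rpmsw_cycles` held before. The hunk does not show that value, and if later code divides by `rpmsw_cycles` the divide-by-zero is only moved; integer division can also produce 0 when `sum_cycles < sum_usecs`. Guarding the result as well, e.g. `if (sum_usecs > 0 && sum_cycles >= sum_usecs) rpmsw_cycles = sum_cycles/sum_usecs;`, or falling back explicitly when calibration fails, would cover both cases. Bracing the `if` would also make clear that only the division is guarded; the surrounding function is only partly visible in the hunk.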