Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package minicom

minicom 2.8-2 fixes a stack-smashing bug present in the version in testing; see bug #989735.
The upstream author provided four patches to address this issue.
I put these patches into debian/patches, nothing else has been changed.
The fix has been confirmed in #989735#55 by the bug's submitter.

debdiff attached

unblock minicom/2.8-2
diff -Nru minicom-2.8/debian/changelog minicom-2.8/debian/changelog
--- minicom-2.8/debian/changelog	2021-01-03 13:27:18.000000000 +0100
+++ minicom-2.8/debian/changelog	2021-06-15 05:20:21.000000000 +0200
@@ -1,3 +1,10 @@
+minicom (2.8-2) unstable; urgency=medium
+
+  * Fixed history buffer allocation, applied upstream 2021-06-13 patches,
+    thanks to Mike Crowe and Adam Lackorzynski, closes: #989735.
+
+ -- Martin A. Godisch <godi...@debian.org>  Tue, 15 Jun 2021 05:20:21 +0200
+
 minicom (2.8-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru minicom-2.8/debian/patches/b6043854f1e762801347ed4bf4d368b49ad99217.diff minicom-2.8/debian/patches/b6043854f1e762801347ed4bf4d368b49ad99217.diff
--- minicom-2.8/debian/patches/b6043854f1e762801347ed4bf4d368b49ad99217.diff	1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.8/debian/patches/b6043854f1e762801347ed4bf4d368b49ad99217.diff	2021-06-15 05:07:38.000000000 +0200
@@ -0,0 +1,39 @@
+diff --git a/src/minicom.c b/src/minicom.c
+index 2719f8cce5a3edf42b34918a870299004d813d21..06dd7be5840dc2fca733a6d0c995e52f814ca568 100644
+--- a/src/minicom.c
++++ b/src/minicom.c
+@@ -173,7 +173,6 @@ static void shjump(int sig)
+ static ELM *mc_getline(WIN *w, int no)
+ {
+   int i;
+-  static ELM outofrange[MAXCOLS] = {{0,0,0}};
+ 
+   if (no < us->histlines) {
+     /* Get a line from the history buffer. */
+@@ -188,13 +187,20 @@ static ELM *mc_getline(WIN *w, int no)
+   /* Get a line from the "us" window. */
+   no -= us->histlines;
+   if (no >= w->ys) {
+-    if (outofrange[0].value == 0) {
+-      for (i = 0; i < MAXCOLS; i++) {
+-        outofrange[i].value = ' ';
+-        outofrange[i].color = us->color;
+-        outofrange[i].attr  = us->attr;
++    static int alloced_columns;
++    static ELM *outofrange;
++    int cols = w->x2 + 1;
++    if (cols > alloced_columns) {
++      free(outofrange);
++      outofrange = malloc(sizeof(*outofrange) * cols);
++      assert(outofrange);
++      alloced_columns = cols;
++
++      for (i = 0; i < cols; i++) {
++	outofrange[i].value = i == 0 ? '~' : ' ';
++	outofrange[i].color = us->color;
++	outofrange[i].attr  = us->attr;
+       }
+-      outofrange[0].value = '~';
+     }
+     return outofrange;
+   }
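Review bot: The allocation check in the new `if (cols > alloced_columns)` branch is an `assert`, which is compiled out under `NDEBUG`; a failed `malloc` would then leave `outofrange` NULL, still record `alloced_columns = cols`, and the fill loop directly below would write through the null pointer. A check that survives release builds is safer, e.g. `if (!outofrange) abort();` in place of `assert(outofrange);`, or the project's own fatal-error path if it has one. The same pattern appears in `mc_wdrawelm_var` in the src/window.c hunk of f118eb9e (`assert(*buf);`), whose callers pass the result straight to `wcslen`. Whether src/minicom.c already includes `<assert.h>` is not visible here; f118eb9e adds the include only to src/window.c.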
diff -Nru minicom-2.8/debian/patches/b7727586547b4a24939bef4176b8a0d5ad91d62d.diff minicom-2.8/debian/patches/b7727586547b4a24939bef4176b8a0d5ad91d62d.diff
--- minicom-2.8/debian/patches/b7727586547b4a24939bef4176b8a0d5ad91d62d.diff	1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.8/debian/patches/b7727586547b4a24939bef4176b8a0d5ad91d62d.diff	2021-06-15 04:58:44.000000000 +0200
@@ -0,0 +1,17 @@
+diff --git a/src/minicom.h b/src/minicom.h
+index ebc1dec6f06082c59059766fc89c19726e91aef1..cd75ec46ffaf6a0bd8564c15f1edeea55460a5b3 100644
+--- a/src/minicom.h
++++ b/src/minicom.h
+@@ -47,12 +47,6 @@
+ #include <arpa/inet.h>
+ #endif
+ 
+-/*
+- * kub...@debian.or.jp 08/08/98
+- * COLS must be equal to or less than MAXCOLS.
+- */
+-#define MAXCOLS 256
+-
+ #define XA_OK_EXIST	1
+ #define XA_OK_NOTEXIST	2
+ 
diff -Nru minicom-2.8/debian/patches/d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff minicom-2.8/debian/patches/d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff
--- minicom-2.8/debian/patches/d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff	1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.8/debian/patches/d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff	2021-06-15 05:08:25.000000000 +0200
@@ -0,0 +1,22 @@
+diff --git a/src/minicom.c b/src/minicom.c
+index 06dd7be5840dc2fca733a6d0c995e52f814ca568..f6c84c85427a04d739fdd3edbfcf0260835d4729 100644
+--- a/src/minicom.c
++++ b/src/minicom.c
+@@ -377,12 +377,13 @@ const wchar_t *upcase(wchar_t *dest, wchar_t *src)
+  */
+ wchar_t *StrStr(wchar_t *str1, wchar_t *str2, int case_matters)
+ {
+-  wchar_t tmpstr1[MAXCOLS], tmpstr2[MAXCOLS];
+-
+   if (case_matters)
+     return wcsstr(str1, str2);
+-  else
+-    return wcsstr(upcase(tmpstr1, str1), upcase(tmpstr2, str2));
++
++  size_t len1 = wcslen(str1) + 1;
++  size_t len2 = wcslen(str2) + 1;
++  wchar_t tmpstr1[len1], tmpstr2[len2];
++  return wcsstr(upcase(tmpstr1, str1), upcase(tmpstr2, str2));
+ }
+ 
+ static void drawcite(WIN *w, int y, int citey, int start, int end)
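Review bot: The two variable-length arrays in `StrStr` take their size from `wcslen(str1)` and `wcslen(str2)`, so stack use is now whatever the caller's strings dictate and nothing in the function bounds it. In the callers visible in this debdiff `str1` is a line produced by `mc_wdrawelm_var` (one window width) and `str2` is `look_for[MAX_SEARCH]`, so it looks bounded in practice, but that is a caller-side property. I would record it next to the declaration, e.g. `/* VLA sizes: str1 is at most one window line, str2 at most MAX_SEARCH; heap-allocate if other callers appear */`, or switch to `malloc`/`free` as the other patches in this series do. The change also relies on `upcase` writing at most `wcslen(src) + 1` elements into `dest`, which cannot be confirmed from this hunk because its body is not shown.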
diff -Nru minicom-2.8/debian/patches/f118eb9efe89672e5c2a75b34960813db493b2ed.diff minicom-2.8/debian/patches/f118eb9efe89672e5c2a75b34960813db493b2ed.diff
--- minicom-2.8/debian/patches/f118eb9efe89672e5c2a75b34960813db493b2ed.diff	1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.8/debian/patches/f118eb9efe89672e5c2a75b34960813db493b2ed.diff	2021-06-15 05:11:21.000000000 +0200
@@ -0,0 +1,182 @@
+diff --git a/src/minicom.c b/src/minicom.c
+index 9b166dc13ebed70122bb3cbfa783e924af4e8e3c..2719f8cce5a3edf42b34918a870299004d813d21 100644
+--- a/src/minicom.c
++++ b/src/minicom.c
+@@ -231,15 +231,15 @@ void drawhist_look(WIN *w, int y, int r, wchar_t *look, int case_matters)
+ {
+   int f;
+   ELM *tmp_e;
+-  wchar_t tmp_line[MAXCOLS];
+ 
+-  tmp_line[0]='\0';
+   w->direct = 0;
+   for (f = 0; f < w->ys; f++) {
+     tmp_e = mc_getline(w, y++);
+ 
++    wchar_t *tmp_line;
++
+     /* First we "accumulate" the line into a variable */
+-    mc_wdrawelm_var(w, tmp_e, tmp_line);
++    mc_wdrawelm_var(w, tmp_e, &tmp_line);
+ 
+     /* Does it have what we want? */
+     if (wcslen(look) > 1 && wcslen(tmp_line) > 1) {
+@@ -248,6 +248,8 @@ void drawhist_look(WIN *w, int y, int r, wchar_t *look, int case_matters)
+       else
+         mc_wdrawelm(w, f, tmp_e); /* 'normal' output */
+     }
++
++    free(tmp_line);
+   }
+ 
+   if (r)
+@@ -315,14 +317,11 @@ int find_next(WIN *w, WIN *w_hist,
+ {
+   int next_line;
+   ELM *tmp_e;
+-  wchar_t tmp_line[MAXCOLS];
+   int all_lines;
+ 
+   if (!look)
+     return(++hit_line); /* next line */
+ 
+-  tmp_line[0] = '\0';	/* Personal phobia, I need to do this.. */
+-
+   hit_line++;           /* we NEED this so we don't search only same line! */
+   all_lines = w->histlines + w_hist->ys;
+ 
+@@ -335,16 +334,23 @@ int find_next(WIN *w, WIN *w_hist,
+     /* we do 'something' here... :-) */
+     tmp_e = mc_getline(w_hist, next_line);
+ 
++    wchar_t *tmp_line;
++
+     /*
+      * First we "accumulate" the line into a variable.
+      * To see 'why', see what an 'ELM' structure looks like!
+      */
+-    mc_wdrawelm_var(w, tmp_e, tmp_line);
++    mc_wdrawelm_var(w, tmp_e, &tmp_line);
+ 
+     /* Does it have what we want? */
+     if (wcslen(tmp_line) > 1 && wcslen(look) > 1)
+       if (StrStr(tmp_line, look, case_matters))
+-        return next_line;
++        {
++          free(tmp_line);
++          return next_line;
++        }
++
++    free(tmp_line);
+   }
+ 
+   if (hit_line >= all_lines) {	/* Make sure we've got a valid line! */
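Review bot: In `find_next` the line is fetched with `mc_getline(w_hist, next_line)` but copied with `mc_wdrawelm_var(w, tmp_e, &tmp_line)`, so the number of cells read from `tmp_e` comes from `w` while the row it points at belongs to `w_hist`. With b6043854 in this series the out-of-range row is allocated as `x2 + 1` cells of the window handed to `mc_getline` rather than `MAXCOLS`, so a `w` wider than `w_hist` would read past that row. Whether the two windows can ever differ in width is not visible here. If they cannot, a comment stating that assumption is enough; otherwise passing the same window to both calls is the fix. The function starts and ends outside this hunk.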
+@@ -403,7 +409,6 @@ static void drawcite_whole(WIN *w, int y, int start, int end)
+ 
+ static void do_cite(WIN *w, int start, int end)
+ {
+-  wchar_t tmp_line[MAXCOLS];
+   ELM *tmp_e;
+   int x, y;
+ 
+@@ -411,7 +416,8 @@ static void do_cite(WIN *w, int start, int end)
+     vt_send('>');
+     vt_send(' ');
+     tmp_e = mc_getline(w, y);
+-    mc_wdrawelm_var(w, tmp_e, tmp_line);
++    wchar_t *tmp_line;
++    mc_wdrawelm_var(w, tmp_e, &tmp_line);
+     tmp_line[w->xs] = 0;
+     for (x = w->xs-1; x >= 0; x--) {
+       if (tmp_line[x] <= ' ')
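Review bot: `tmp_line[w->xs] = 0;` now indexes a heap buffer whose length is set inside `mc_wdrawelm_var` as `w->x2 - w->x1 + 2` elements, so the write is in bounds only when `w->xs <= w->x2 - w->x1 + 1`. The relation between `xs` and `x1`/`x2` is not visible in this debdiff; if `xs` is always the window width the store is redundant, because `mc_wdrawelm_var` already terminates the buffer, and the line could be dropped. Otherwise I would bound it, e.g. `if (w->xs <= w->x2 - w->x1 + 1) tmp_line[w->xs] = 0;`, and the `for (x = w->xs-1; ...)` scan that follows needs the same limit. The loop body continues outside this hunk.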
+@@ -428,6 +434,7 @@ static void do_cite(WIN *w, int start, int end)
+         vt_send(buf[i]);
+     }
+     vt_send(13);
++    free(tmp_line);
+   }
+ }
+ 
+@@ -439,7 +446,6 @@ static void scrollback(void)
+   ELM *tmp_e;
+   int case_matters=0;	/* fmg: case-importance, needed for 'N' */
+   static wchar_t look_for[MAX_SEARCH];	/* fmg: last used search pattern */
+-  wchar_t tmp_line[MAXCOLS];
+   int citemode = 0;
+   int cite_ystart = 1000000,
+       cite_yend = -1,
+@@ -614,9 +620,11 @@ static void scrollback(void)
+           tmp_e = mc_getline(b_us, y);
+           if (wcslen(look_for) > 1) {
+             /* quick scan for pattern match */
+-            mc_wdrawelm_var(b_us, tmp_e, tmp_line);
++            wchar_t *tmp_line;
++            mc_wdrawelm_var(b_us, tmp_e, &tmp_line);
+             inverse = (wcslen(tmp_line)>1 &&
+                          StrStr(tmp_line, look_for, case_matters));
++            free(tmp_line);
+           } else
+             inverse = 0;
+         }
+@@ -662,9 +670,11 @@ static void scrollback(void)
+           tmp_e = mc_getline(b_us, y + b_us->ys - 1);
+           if (wcslen(look_for) > 1) {
+             /* quick scan for pattern match */
+-            mc_wdrawelm_var(b_us, tmp_e, tmp_line);
++            wchar_t *tmp_line;
++            mc_wdrawelm_var(b_us, tmp_e, &tmp_line);
+             inverse = (wcslen(tmp_line)>1 &&
+                          StrStr(tmp_line, look_for, case_matters));
++            free(tmp_line);
+           } else
+             inverse = 0;
+         }
+diff --git a/src/window.c b/src/window.c
+index 75f4c001818bef429d1b966a68713d8e437814f5..08b0c888451a4880d7a01e092d431560a9d20662 100644
+--- a/src/window.c
++++ b/src/window.c
+@@ -25,6 +25,7 @@
+ #include <limits.h>
+ #include <stdarg.h>
+ #include <wchar.h>
++#include <assert.h>
+ 
+ #include "port.h"
+ #include "minicom.h"
+@@ -1046,15 +1047,16 @@ void mc_wdrawelm(WIN *w, int y, ELM *e)
+  * 'accumulate' one line of ELM's into a string
+  * WHY: need this in search function to see if line contains search pattern
+  */
+-void mc_wdrawelm_var(WIN *w, ELM *e, wchar_t *buf)
++void mc_wdrawelm_var(WIN *w, ELM *e, wchar_t **buf)
+ {
+-  int x, c = 0;
++  int sz = w->x2 - w->x1 + 2;
++  *buf = malloc(sizeof(**buf) * sz);
++  assert(*buf);
+ 
+-  /* MARK updated 02/17/94 - Fixes bug, to do all 80 cols, not 79 cols */
+-  for (x = w->x1; x <= w->x2; x++) {
+-    buf[c++] = e->value;
+-    e++;
+-  }
++  (*buf)[sz - 1] = 0;
++
++  for (int c = 0; c < sz - 1; c++, e++)
++    (*buf)[c] = e->value;
+ }
+ 
+ /*
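Review bot: The header comment above `mc_wdrawelm_var` still describes only the accumulation and does not say that the function now allocates `*buf` and that every caller must `free()` it. I would add `* Allocates *buf (w->x2 - w->x1 + 2 wide chars, NUL-terminated); the caller must free() it.` to that comment and mirror it at the prototype in src/window.h. The callers changed in this patch free the buffer on every path visible here, including the early `return next_line` in `find_next`, so this is about keeping future callers correct. Note also that `sz` is an `int` derived from window geometry: a window with `x2 < x1 - 1` would make `(*buf)[sz - 1]` a negative index, which presumably cannot happen but is not checked in this function.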
+diff --git a/src/window.h b/src/window.h
+index 1b8eb12a77f4e96ec80193175ebcfeb8a1192616..0f7eeaea55a3c15bccc2e5a0abb4374ab6834e65 100644
+--- a/src/window.h
++++ b/src/window.h
+@@ -186,7 +186,7 @@ int win_init(int fg, int bg, int attr);
+ #endif
+ /* fmg 8/20/97: both needed by history search section */
+ void mc_wdrawelm_inverse( WIN *w, int y, ELM *e);
+-void mc_wdrawelm_var(WIN *w, ELM *e, wchar_t *buf);
++void mc_wdrawelm_var(WIN *w, ELM *e, wchar_t **buf);
+ void mc_clear_window_simple(WIN *w);
+ 
+ /*
diff -Nru minicom-2.8/debian/patches/series minicom-2.8/debian/patches/series
--- minicom-2.8/debian/patches/series	2021-01-03 13:27:01.000000000 +0100
+++ minicom-2.8/debian/patches/series	2021-06-15 05:03:49.000000000 +0200
@@ -1,3 +1,7 @@
 01manual.diff
 03norzsz.diff
 04reproducible.diff
+f118eb9efe89672e5c2a75b34960813db493b2ed.diff
+b6043854f1e762801347ed4bf4d368b49ad99217.diff
+d090ef81077c733ce5352da6cfe4af9aa20fc34d.diff
+b7727586547b4a24939bef4176b8a0d5ad91d62d.diff
