diff options
Diffstat (limited to 'fix_buggy_msgunfmt3.patch')
-rw-r--r-- | fix_buggy_msgunfmt3.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/fix_buggy_msgunfmt3.patch b/fix_buggy_msgunfmt3.patch new file mode 100644 index 000000000000..2aea9a5ee0b8 --- /dev/null +++ b/fix_buggy_msgunfmt3.patch @@ -0,0 +1,76 @@ +From: Giovanni Santini <giovannisantini93@yahoo.it> +Just fixed the patch for building against official PKGBUILD. +See below for original patch infos. + +From 5d3eeaa0d3b7f4f6932bd29d859925a940b69459 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno <ueno@gnu.org> +Date: Wed, 11 Mar 2015 07:18:26 +0000 +Subject: msgunfmt: Check allocated size for static segment + +Reported by Max Lin in: +http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html +* read-mo.c (get_sysdep_string): Check if the embedded segment +size is valid, before adding it to the string length. +--- +diff -ur a/gettext-tools/src/ChangeLog b/gettext-tools/src/ChangeLog +--- a/gettext-tools/src/ChangeLog 2014-12-24 07:32:59.000000000 +0100 ++++ b/gettext-tools/src/ChangeLog 2015-07-15 11:10:47.253402348 +0200 +@@ -1,3 +1,11 @@ ++2015-03-11 Daiki Ueno <ueno@gnu.org> ++ ++ msgunfmt: Check allocated size for static segment ++ Reported by Max Lin in: ++ http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html ++ * read-mo.c (get_sysdep_string): Check if the embedded segment ++ size is valid, before adding it to the string length. ++ + 2014-12-24 Daiki Ueno <ueno@gnu.org> + + * gettext 0.19.4 released. +diff -ur a/gettext-tools/src/read-mo.c b/gettext-tools/src/read-mo.c +--- a/gettext-tools/src/read-mo.c 2014-12-09 09:43:46.000000000 +0100 ++++ b/gettext-tools/src/read-mo.c 2015-07-15 11:15:24.563676393 +0200 +@@ -149,6 +149,7 @@ + nls_uint32 s_offset; + + /* Compute the length. */ ++ s_offset = get_uint32 (bfp, offset); + length = 0; + for (i = 4; ; i += 8) + { +@@ -158,9 +159,14 @@ + nls_uint32 ss_length; + nls_uint32 ss_offset; + size_t ss_end; ++ size_t s_end; + size_t n; + ++ s_end = xsum (s_offset, segsize); ++ if (size_overflow_p (s_end) || s_end > bfp->size) ++ error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename); + length += segsize; ++ s_offset += segsize; + + if (sysdepref == SEGMENTS_END) + break; +@@ -175,7 +181,7 @@ + ss_end = xsum (ss_offset, ss_length); + if (size_overflow_p (ss_end) || ss_end > bfp->size) + error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename); +- if (!(ss_length > 0 && bfp->data[ss_offset + ss_length - 1] == '\0')) ++ if (!(ss_length > 0 && bfp->data[ss_end - 1] == '\0')) + { + char location[30]; + sprintf (location, "sysdep_segment[%u]", (unsigned int) sysdepref); +@@ -198,11 +204,8 @@ + nls_uint32 sysdep_segment_offset; + nls_uint32 ss_length; + nls_uint32 ss_offset; +- size_t s_end = xsum (s_offset, segsize); + size_t n; + +- if (size_overflow_p (s_end) || s_end > bfp->size) +- error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename); + memcpy (p, bfp->data + s_offset, segsize); + p += segsize; + s_offset += segsize; |