1 files changed, 76 insertions, 0 deletions

diff --git a/fix_buggy_msgunfmt3.patch b/fix_buggy_msgunfmt3.patch
new file mode 100644
index 000000000000..2aea9a5ee0b8
--- /dev/null
+++ b/fix_buggy_msgunfmt3.patch
@@ -0,0 +1,76 @@
+From: Giovanni Santini <giovannisantini93@yahoo.it>
+Just fixed the patch for building against official PKGBUILD.
+See below for original patch infos.
+
+From 5d3eeaa0d3b7f4f6932bd29d859925a940b69459 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 11 Mar 2015 07:18:26 +0000
+Subject: msgunfmt: Check allocated size for static segment
+
+Reported by Max Lin in:
+http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
+* read-mo.c (get_sysdep_string): Check if the embedded segment
+size is valid, before adding it to the string length.
+---
+diff -ur a/gettext-tools/src/ChangeLog b/gettext-tools/src/ChangeLog
+--- a/gettext-tools/src/ChangeLog	2014-12-24 07:32:59.000000000 +0100
++++ b/gettext-tools/src/ChangeLog	2015-07-15 11:10:47.253402348 +0200
+@@ -1,3 +1,11 @@
++2015-03-11  Daiki Ueno  <ueno@gnu.org>
++
++	msgunfmt: Check allocated size for static segment
++	Reported by Max Lin in:
++	http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
++	* read-mo.c (get_sysdep_string): Check if the embedded segment
++	size is valid, before adding it to the string length.
++
+ 2014-12-24  Daiki Ueno  <ueno@gnu.org>
+ 
+ 	* gettext 0.19.4 released.
+diff -ur a/gettext-tools/src/read-mo.c b/gettext-tools/src/read-mo.c
+--- a/gettext-tools/src/read-mo.c	2014-12-09 09:43:46.000000000 +0100
++++ b/gettext-tools/src/read-mo.c	2015-07-15 11:15:24.563676393 +0200
+@@ -149,6 +149,7 @@
+   nls_uint32 s_offset;
+ 
+   /* Compute the length.  */
++  s_offset = get_uint32 (bfp, offset);
+   length = 0;
+   for (i = 4; ; i += 8)
+     {
+@@ -158,9 +159,14 @@
+       nls_uint32 ss_length;
+       nls_uint32 ss_offset;
+       size_t ss_end;
++      size_t s_end;
+       size_t n;
+ 
++      s_end = xsum (s_offset, segsize);
++      if (size_overflow_p (s_end) || s_end > bfp->size)
++        error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
+       length += segsize;
++      s_offset += segsize;
+ 
+       if (sysdepref == SEGMENTS_END)
+         break;
+@@ -175,7 +181,7 @@
+       ss_end = xsum (ss_offset, ss_length);
+       if (size_overflow_p (ss_end) || ss_end > bfp->size)
+         error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
+-      if (!(ss_length > 0 && bfp->data[ss_offset + ss_length - 1] == '\0'))
++      if (!(ss_length > 0 && bfp->data[ss_end - 1] == '\0'))
+         {
+           char location[30];
+           sprintf (location, "sysdep_segment[%u]", (unsigned int) sysdepref);
+@@ -198,11 +204,8 @@
+       nls_uint32 sysdep_segment_offset;
+       nls_uint32 ss_length;
+       nls_uint32 ss_offset;
+-      size_t s_end = xsum (s_offset, segsize);
+       size_t n;
+ 
+-      if (size_overflow_p (s_end) || s_end > bfp->size)
+-        error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
+       memcpy (p, bfp->data + s_offset, segsize);
+       p += segsize;
+       s_offset += segsize;