OpenPKG Specs / annotate

gzip/gzip.patch@870131689a5c (annotated)

gzip/gzip.patch

Sat, 21 May 2011 22:05:42 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Sat, 21 May 2011 22:05:42 +0200
changeset 340
870131689a5c
permissions
-rw-r--r--

Correct diverse buildconf of upstream release and reconcile packaging somewhat.
These changes stem from the obvious changes in the latest vendor release, but
from discussions with trolls Daniel and Oswald as well regarding build config.

This commital follows conclusion of buildconf adjustments to allow the new
vendor version to build on Linux AMD64, but is incomplete as many packaging
comments show. The next series of changes focus on Solaris IA32 and reduction
of buildconf adjustments testing old problems comprehensively in anticipation
of discussion at the upcoming Nokia Contributor Summit in Berlin.

michael@241 1 Security Fix
michael@241 2
michael@241 3 Index: gzip.c
michael@241 4 --- gzip.c.orig 2009-09-26 20:56:02 +0200
michael@241 5 +++ gzip.c 2009-10-07 07:59:53 +0200
michael@241 6 @@ -168,7 +168,7 @@
michael@241 7 DECLARE(uch, inbuf, INBUFSIZ +INBUF_EXTRA);
michael@241 8 DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
michael@241 9 DECLARE(ush, d_buf, DIST_BUFSIZE);
michael@241 10 -DECLARE(uch, window, 2L*WSIZE);
michael@241 11 +DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */
michael@241 12 #ifndef MAXSEG_64K
michael@241 13 DECLARE(ush, tab_prefix, 1L<<BITS);
michael@241 14 #else
michael@241 15
michael@241 16 -----------------------------------------------------------------------------
michael@241 17
michael@241 18 Security Fixes
michael@241 19 - OOB write (CVE-2006-4335)
michael@241 20 - Buffer underflow (CVE-2006-4336)
michael@241 21 - Buffer overflow (CVE-2006-4337)
michael@241 22 - Infinite loop (CVE-2006-4338)
michael@241 23
michael@241 24 Index: gzip.h
michael@241 25 --- gzip.h.orig 2009-09-26 20:43:28 +0200
michael@241 26 +++ gzip.h 2009-10-07 07:59:53 +0200
michael@241 27 @@ -223,6 +223,8 @@
michael@241 28 extern int to_stdout; /* output to stdout (-c) */
michael@241 29 extern int save_orig_name; /* set if original name must be saved */
michael@241 30
michael@241 31 +#define MIN(a,b) ((a) <= (b) ? (a) : (b))
michael@241 32 +
michael@241 33 #define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
michael@241 34 #define try_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
michael@241 35
michael@241 36 Index: unlzh.c
michael@241 37 --- unlzh.c.orig 2009-09-26 20:20:40 +0200
michael@241 38 +++ unlzh.c 2009-10-07 07:59:53 +0200
michael@241 39 @@ -141,12 +141,17 @@
michael@241 40 unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
michael@241 41
michael@241 42 for (i = 1; i <= 16; i++) count[i] = 0;
michael@241 43 - for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
michael@241 44 + for (i = 0; i < (unsigned)nchar; i++) {
michael@241 45 + if (bitlen[i] > 16)
michael@241 46 + error("Bad table\n");
michael@241 47 + else
michael@241 48 + count[bitlen[i]]++;
michael@241 49 + }
michael@241 50
michael@241 51 start[1] = 0;
michael@241 52 for (i = 1; i <= 16; i++)
michael@241 53 start[i + 1] = start[i] + (count[i] << (16 - i));
michael@241 54 - if ((start[17] & 0xffff) != 0)
michael@241 55 + if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
michael@241 56 gzip_error ("Bad table\n");
michael@241 57
michael@241 58 jutbits = 16 - tablebits;
michael@241 59 @@ -161,15 +166,15 @@
michael@241 60
michael@241 61 i = start[tablebits + 1] >> jutbits;
michael@241 62 if (i != 0) {
michael@241 63 - k = 1 << tablebits;
michael@241 64 - while (i != k) table[i++] = 0;
michael@241 65 + k = MIN(1 << tablebits, DIST_BUFSIZE);
michael@241 66 + while (i < k) table[i++] = 0;
michael@241 67 }
michael@241 68
michael@241 69 avail = nchar;
michael@241 70 mask = (unsigned) 1 << (15 - tablebits);
michael@241 71 for (ch = 0; ch < (unsigned)nchar; ch++) {
michael@241 72 if ((len = bitlen[ch]) == 0) continue;
michael@241 73 - nextcode = start[len] + weight[len];
michael@241 74 + nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
michael@241 75 if (len <= (unsigned)tablebits) {
michael@241 76 if ((unsigned) 1 << tablebits < nextcode)
michael@241 77 gzip_error ("Bad table\n");
michael@241 78 @@ -212,7 +217,7 @@
michael@241 79 for (i = 0; i < 256; i++) pt_table[i] = c;
michael@241 80 } else {
michael@241 81 i = 0;
michael@241 82 - while (i < n) {
michael@241 83 + while (i < MIN(n,NPT)) {
michael@241 84 c = bitbuf >> (BITBUFSIZ - 3);
michael@241 85 if (c == 7) {
michael@241 86 mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
michael@241 87 @@ -224,7 +229,7 @@
michael@241 88 pt_len[i++] = c;
michael@241 89 if (i == i_special) {
michael@241 90 c = getbits(2);
michael@241 91 - while (--c >= 0) pt_len[i++] = 0;
michael@241 92 + while (--c >= 0 && i < NPT) pt_len[i++] = 0;
michael@241 93 }
michael@241 94 }
michael@241 95 while (i < nn) pt_len[i++] = 0;
michael@241 96 @@ -244,7 +249,7 @@
michael@241 97 for (i = 0; i < 4096; i++) c_table[i] = c;
michael@241 98 } else {
michael@241 99 i = 0;
michael@241 100 - while (i < n) {
michael@241 101 + while (i < MIN(n,NC)) {
michael@241 102 c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
michael@241 103 if (c >= NT) {
michael@241 104 mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
michael@241 105 @@ -252,14 +257,14 @@
michael@241 106 if (bitbuf & mask) c = right[c];
michael@241 107 else c = left [c];
michael@241 108 mask >>= 1;
michael@241 109 - } while (c >= NT);
michael@241 110 + } while (c >= NT && (mask || c != left[c]));
michael@241 111 }
michael@241 112 fillbuf((int) pt_len[c]);
michael@241 113 if (c <= 2) {
michael@241 114 if (c == 0) c = 1;
michael@241 115 else if (c == 1) c = getbits(4) + 3;
michael@241 116 else c = getbits(CBIT) + 20;
michael@241 117 - while (--c >= 0) c_len[i++] = 0;
michael@241 118 + while (--c >= 0 && i < NC) c_len[i++] = 0;
michael@241 119 } else c_len[i++] = c - 2;
michael@241 120 }
michael@241 121 while (i < NC) c_len[i++] = 0;
michael@241 122 @@ -288,7 +293,7 @@
michael@241 123 if (bitbuf & mask) j = right[j];
michael@241 124 else j = left [j];
michael@241 125 mask >>= 1;
michael@241 126 - } while (j >= NC);
michael@241 127 + } while (j >= NC && (mask || j != left[j]));
michael@241 128 }
michael@241 129 fillbuf((int) c_len[j]);
michael@241 130 return j;
michael@241 131 @@ -305,7 +310,7 @@
michael@241 132 if (bitbuf & mask) j = right[j];
michael@241 133 else j = left [j];
michael@241 134 mask >>= 1;
michael@241 135 - } while (j >= NP);
michael@241 136 + } while (j >= NP && (mask || j != left[j]));
michael@241 137 }
michael@241 138 fillbuf((int) pt_len[j]);
michael@241 139 if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
michael@241 140 @@ -352,7 +357,7 @@
michael@241 141 while (--j >= 0) {
michael@241 142 buffer[r] = buffer[i];
michael@241 143 i = (i + 1) & (DICSIZ - 1);
michael@241 144 - if (++r == count) return r;
michael@241 145 + if (++r >= count) return r;
michael@241 146 }
michael@241 147 for ( ; ; ) {
michael@241 148 c = decode_c();
michael@241 149 @@ -362,14 +367,14 @@
michael@241 150 }
michael@241 151 if (c <= UCHAR_MAX) {
michael@241 152 buffer[r] = c;
michael@241 153 - if (++r == count) return r;
michael@241 154 + if (++r >= count) return r;
michael@241 155 } else {
michael@241 156 j = c - (UCHAR_MAX + 1 - THRESHOLD);
michael@241 157 i = (r - decode_p() - 1) & (DICSIZ - 1);
michael@241 158 while (--j >= 0) {
michael@241 159 buffer[r] = buffer[i];
michael@241 160 i = (i + 1) & (DICSIZ - 1);
michael@241 161 - if (++r == count) return r;
michael@241 162 + if (++r >= count) return r;
michael@241 163 }
michael@241 164 }
michael@241 165 }
michael@241 166 Index: unpack.c
michael@241 167 --- unpack.c.orig 2009-09-26 20:43:28 +0200
michael@241 168 +++ unpack.c 2009-10-07 07:59:53 +0200
michael@241 169 @@ -22,7 +22,6 @@
michael@241 170 #include "gzip.h"
michael@241 171 #include "crypt.h"
michael@241 172
michael@241 173 -#define MIN(a,b) ((a) <= (b) ? (a) : (b))
michael@241 174 /* The arguments must not have side effects. */
michael@241 175
michael@241 176 #define MAX_BITLEN 25
michael@241 177 @@ -146,7 +145,7 @@
michael@241 178 /* Remember where the literals of this length start in literal[] : */
michael@241 179 lit_base[len] = base;
michael@241 180 /* And read the literals: */
michael@241 181 - for (n = leaves[len]; n > 0; n--) {
michael@241 182 + for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
michael@241 183 literal[base++] = (uch)get_byte();
michael@241 184 }
michael@241 185 }
michael@241 186 @@ -182,7 +181,7 @@
michael@241 187 prefixp = &prefix_len[1<<peek_bits];
michael@241 188 for (len = 1; len <= peek_bits; len++) {
michael@241 189 int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
michael@241 190 - while (prefixes--) *--prefixp = (uch)len;
michael@241 191 + while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
michael@241 192 }
michael@241 193 /* The length of all other codes is unknown: */
michael@241 194 while (prefixp > prefix_len) *--prefixp = 0;

Mercurial Repository: OpenPKG Specs

Europalab SCM Repository Server

mercurial