gzip/gzip.patch

Tue, 29 Mar 2011 20:04:34 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Tue, 29 Mar 2011 20:04:34 +0200
changeset 334
4a34d7a82eab
permissions
-rw-r--r--

Rework package yet again, correcting and introducing new buildconf logic:
Conditionally disable bootstrap stage comparison correctly, correct
English grammar, better find system as(1) and ld(1), introduce detailed
optimization option messages, more completely guess cpu types, allow
profiled bootstrapping without a preinstalled GCC because many other
compilers have long since implemented 64-bit arithmetic, instruct make
to build sequentially (not in parallel) when building a profiled
bootstrap as GCC online documents recommend, and generally improve
comment blocks.

The single most important correction in this changeset relates to the
GCC changed optimization policy since at least GCC 4.5, in which -march
is always passed and not always correctly guessed. In the case of this
package, allowing GCC to guess the architecture leads to wild build
errors at various subcomponents (zlib, libgcc, libiberty...) and
bootstrap stages. It seems quite platform specific, and the safest
approach to correcting this seems to be explicitly always specifying the
-march argument when bootstrapping GCC. Because the best choice 'native'
is not available when bootstrapping using a foreign (non GCC) compiler,
a guess is made according to rpmmacros l_platform in that case.

It is questionable as to whether these recent optimization changes
on the part of GCC or this package are compatible with each other,
or if either are complete or correct at all. At least applying these
corrections allows this package to build again in most cases tested.

     1 Security Fix
     3 Index: gzip.c
     4 --- gzip.c.orig	2009-09-26 20:56:02 +0200
     5 +++ gzip.c	2009-10-07 07:59:53 +0200
     6 @@ -168,7 +168,7 @@
     7  DECLARE(uch, inbuf,  INBUFSIZ +INBUF_EXTRA);
     8  DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
     9  DECLARE(ush, d_buf,  DIST_BUFSIZE);
    10 -DECLARE(uch, window, 2L*WSIZE);
    11 +DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */
    12  #ifndef MAXSEG_64K
    13      DECLARE(ush, tab_prefix, 1L<<BITS);
    14  #else
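Review bot: The `+ 4096` added to `window` is a bare constant with no stated relation to how far a reader can run past `2L*WSIZE`, so nobody can check that the slack is large enough. Padding also only makes the over-read land in allocated memory; the bytes read there are still not valid window data. Name the constant and document its bound, e.g. `#define WINDOW_SLACK 4096 /* max bytes peeked past 2*WSIZE by <reader> */`, with the placeholder replaced by the actual reader. If this tree can be built with dynamically allocated buffers, the allocation site outside this hunk would presumably need the same enlargement.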
    16 -----------------------------------------------------------------------------
    18 Security Fixes 
    19 - OOB write        (CVE-2006-4335)
    20 - Buffer underflow (CVE-2006-4336)
    21 - Buffer overflow  (CVE-2006-4337)
    22 - Infinite loop    (CVE-2006-4338)
    24 Index: gzip.h
    25 --- gzip.h.orig	2009-09-26 20:43:28 +0200
    26 +++ gzip.h	2009-10-07 07:59:53 +0200
    27 @@ -223,6 +223,8 @@
    28  extern int to_stdout;      /* output to stdout (-c) */
    29  extern int save_orig_name; /* set if original name must be saved */
    31 +#define MIN(a,b) ((a) <= (b) ? (a) : (b))
    32 +
    33  #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
    34  #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
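Review bot: `MIN` evaluates each argument twice, but the caveat that documents this stays behind in unpack.c, where the later hunk removes the `#define` and keeps the comment as context. Move the comment with the macro so it reads `/* The arguments must not have side effects. */` directly above `#define MIN(a,b) ...` in gzip.h, and drop the orphaned copy from unpack.c. This matters because the new unlzh.c call sites pass expressions such as `start[len] + weight[len]` into it.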
    36 Index: unlzh.c
    37 --- unlzh.c.orig	2009-09-26 20:20:40 +0200
    38 +++ unlzh.c	2009-10-07 07:59:53 +0200
    39 @@ -141,12 +141,17 @@
    40      unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
    42      for (i = 1; i <= 16; i++) count[i] = 0;
    43 -    for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
    44 +    for (i = 0; i < (unsigned)nchar; i++) {
    45 +        if (bitlen[i] > 16)
    46 +            error("Bad table\n");
    47 +        else
    48 +            count[bitlen[i]]++;
    49 +    }
    51      start[1] = 0;
    52      for (i = 1; i <= 16; i++)
    53  	start[i + 1] = start[i] + (count[i] << (16 - i));
    54 -    if ((start[17] & 0xffff) != 0)
    55 +    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
    56        gzip_error ("Bad table\n");
    58      jutbits = 16 - tablebits;
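Review bot: The new range check on `bitlen[i]` calls `error("Bad table\n")`, while every other failure path visible in these unlzh.c hunks calls `gzip_error ("Bad table\n")`. If `error` is not declared by this tree's headers, the call may bind to an unrelated library function of the same name with a different signature. The `else` branch also relies on that call never returning, which is the only thing keeping `count[bitlen[i]]++` in bounds. Use `gzip_error ("Bad table\n");` here as well. The enclosing function starts before and continues after the hunk.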
    59 @@ -161,15 +166,15 @@
    61      i = start[tablebits + 1] >> jutbits;
    62      if (i != 0) {
    63 -	k = 1 << tablebits;
    64 -	while (i != k) table[i++] = 0;
    65 +	k = MIN(1 << tablebits, DIST_BUFSIZE);
    66 +	while (i < k) table[i++] = 0;
    67      }
    69      avail = nchar;
    70      mask = (unsigned) 1 << (15 - tablebits);
    71      for (ch = 0; ch < (unsigned)nchar; ch++) {
    72  	if ((len = bitlen[ch]) == 0) continue;
    73 -	nextcode = start[len] + weight[len];
    74 +	nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
    75  	if (len <= (unsigned)tablebits) {
    76  	    if ((unsigned) 1 << tablebits < nextcode)
    77  	      gzip_error ("Bad table\n");
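Review bot: Both `MIN(..., DIST_BUFSIZE)` clamps bound the index by the element count of `d_buf` (see the gzip.c hunk), which is not a property of the `table` argument this function receives. Whether every caller passes an array at least that large is not visible in the hunk. Clamping `nextcode` also lets a malformed table keep decoding with altered values rather than being rejected. Prefer an explicit failure such as `if (start[len] + weight[len] > DIST_BUFSIZE) gzip_error ("Bad table\n");`, and ideally bound against the real capacity of `table`. The later `MIN(n,NPT)` and `MIN(n,NC)` loops, and the added `i < NPT` and `i < NC` guards, truncate silently in the same way.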
    78 @@ -212,7 +217,7 @@
    79  	for (i = 0; i < 256; i++) pt_table[i] = c;
    80      } else {
    81  	i = 0;
    82 -	while (i < n) {
    83 +	while (i < MIN(n,NPT)) {
    84  	    c = bitbuf >> (BITBUFSIZ - 3);
    85  	    if (c == 7) {
    86  		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
    87 @@ -224,7 +229,7 @@
    88  	    pt_len[i++] = c;
    89  	    if (i == i_special) {
    90  		c = getbits(2);
    91 -		while (--c >= 0) pt_len[i++] = 0;
    92 +		while (--c >= 0 && i < NPT) pt_len[i++] = 0;
    93  	    }
    94  	}
    95  	while (i < nn) pt_len[i++] = 0;
    96 @@ -244,7 +249,7 @@
    97  	for (i = 0; i < 4096; i++) c_table[i] = c;
    98      } else {
    99  	i = 0;
   100 -	while (i < n) {
   101 +	while (i < MIN(n,NC)) {
   102  	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
   103  	    if (c >= NT) {
   104  		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
   105 @@ -252,14 +257,14 @@
   106  		    if (bitbuf & mask) c = right[c];
   107  		    else               c = left [c];
   108  		    mask >>= 1;
   109 -		} while (c >= NT);
   110 +		} while (c >= NT && (mask || c != left[c]));
   111  	    }
   112  	    fillbuf((int) pt_len[c]);
   113  	    if (c <= 2) {
   114  		if      (c == 0) c = 1;
   115  		else if (c == 1) c = getbits(4) + 3;
   116  		else             c = getbits(CBIT) + 20;
   117 -		while (--c >= 0) c_len[i++] = 0;
   118 +		while (--c >= 0 && i < NC) c_len[i++] = 0;
   119  	    } else c_len[i++] = c - 2;
   120  	}
   121  	while (i < NC) c_len[i++] = 0;
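Review bot: When the tree walk leaves through the new `(mask || c != left[c])` clause, `c` is still `>= NT`, yet the next line uses it as `pt_len[c]` and later stores `c - 2` into `c_len`. The old code could only reach those lines with `c < NT`. Add an explicit rejection right after the loop, `if (c >= NT) gzip_error ("Bad table\n");`. The two following hunks have the same shape: `j` can leave the loop `>= NC` before `c_len[j]` is read, and `>= NP` before `pt_len[j]` and the `1 << (j - 1)` shift. The added clause also only detects a self-loop (`c == left[c]`) once `mask` is zero; whether longer cycles can exist in `left[]` is not visible here, so a comment stating that invariant would help.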
   122 @@ -288,7 +293,7 @@
   123  	    if (bitbuf & mask) j = right[j];
   124  	    else               j = left [j];
   125  	    mask >>= 1;
   126 -	} while (j >= NC);
   127 +	} while (j >= NC && (mask || j != left[j]));
   128      }
   129      fillbuf((int) c_len[j]);
   130      return j;
   131 @@ -305,7 +310,7 @@
   132  	    if (bitbuf & mask) j = right[j];
   133  	    else               j = left [j];
   134  	    mask >>= 1;
   135 -	} while (j >= NP);
   136 +	} while (j >= NP && (mask || j != left[j]));
   137      }
   138      fillbuf((int) pt_len[j]);
   139      if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
   140 @@ -352,7 +357,7 @@
   141      while (--j >= 0) {
   142  	buffer[r] = buffer[i];
   143  	i = (i + 1) & (DICSIZ - 1);
   144 -	if (++r == count) return r;
   145 +	if (++r >= count) return r;
   146      }
   147      for ( ; ; ) {
   148  	c = decode_c();
   149 @@ -362,14 +367,14 @@
   150  	}
   151  	if (c <= UCHAR_MAX) {
   152  	    buffer[r] = c;
   153 -	    if (++r == count) return r;
   154 +	    if (++r >= count) return r;
   155  	} else {
   156  	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
   157  	    i = (r - decode_p() - 1) & (DICSIZ - 1);
   158  	    while (--j >= 0) {
   159  		buffer[r] = buffer[i];
   160  		i = (i + 1) & (DICSIZ - 1);
   161 -		if (++r == count) return r;
   162 +		if (++r >= count) return r;
   163  	    }
   164  	}
   165      }
   166 Index: unpack.c
   167 --- unpack.c.orig	2009-09-26 20:43:28 +0200
   168 +++ unpack.c	2009-10-07 07:59:53 +0200
   169 @@ -22,7 +22,6 @@
   170  #include "gzip.h"
   171  #include "crypt.h"
   173 -#define MIN(a,b) ((a) <= (b) ? (a) : (b))
   174  /* The arguments must not have side effects. */
   176  #define MAX_BITLEN 25
   177 @@ -146,7 +145,7 @@
   178  	/* Remember where the literals of this length start in literal[] : */
   179  	lit_base[len] = base;
   180  	/* And read the literals: */
   181 -	for (n = leaves[len]; n > 0; n--) {
   182 +	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
   183  	    literal[base++] = (uch)get_byte();
   184  	}
   185      }
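Review bot: When `base` reaches `LITERALS` the loop stops storing literals without reporting anything. The function then carries on with `leaves[]` counts that no longer match what was read, and the unread header bytes are left in the input to be treated as compressed data. Rejecting the header is safer than truncating it, for example `if (n > 0) gzip_error ("too many leaves in Huffman tree");` after the inner loop (message text is a suggestion). The `prefixp > prefix_len` guard added in the next hunk stops silently in the same way. The enclosing function starts and ends outside this hunk.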
   186 @@ -182,7 +181,7 @@
   187      prefixp = &prefix_len[1<<peek_bits];
   188      for (len = 1; len <= peek_bits; len++) {
   189  	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
   190 -	while (prefixes--) *--prefixp = (uch)len;
   191 +	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
   192      }
   193      /* The length of all other codes is unknown: */
   194      while (prefixp > prefix_len) *--prefixp = 0;
