-rw-r--r-- | meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch | 49 | ||||
-rw-r--r-- | meta/recipes-extended/less/less_471.bb | 4 |
2 files changed, 52 insertions, 1 deletions
diff --git a/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
new file mode 100644
index 0000000000..455eafc492
--- /dev/null
+++ b/meta/recipes-extended/less/less/0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch
@@ -0,0 +1,49 @@
+From e0a1add063a657b98611c94debb3631b8ffa36fe Mon Sep 17 00:00:00 2001
+From: Junling Zheng <zhengjunling@huawei.com>
+Date: Fri, 24 Apr 2015 11:24:04 +0800
+Subject: [PATCH] Fix possible buffer overrun with invalid UTF-8
+
+An out of bounds read access in the UTF-8 decoding can be triggered with
+a malformed file in the tool less. The access happens in the function
+is_utf8_well_formed due to a truncated multibyte character in the sample
+file.
+
+The bug does not crash less, it can only be made visible by running less
+with valgrind or compiling it with Address Sanitizer.
+
+Version 475 of less contains a fix for this issue. The file version.c
+contains some entry mentioning this issue (without any credit):
+
+ - v475 3/2/15 Fix possible buffer overrun with invalid UTF-8
+
+The fix is in the file line.c. We derive this patch from:
+
+https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
+
+Thank Claire Robinson for validating it on Mageia 4 i586. Refer to:
+
+https://bugs.mageia.org/show_bug.cgi?id=15567
+
+Upstream Status: Backported
+
+Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
+---
+ line.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/line.c b/line.c
+index 89495a3..474be2c 100644
+--- a/line.c
++++ b/line.c
+@@ -807,7 +807,7 @@ pappend(c, pos)
+ mbc_buf[mbc_buf_index++] = c;
+ if (mbc_buf_index < mbc_buf_len)
+ return (0);
+- if (is_utf8_well_formed(mbc_buf))
++ if (is_utf8_well_formed(mbc_buf, mbc_buf_index))
+ r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos);
+ else
+ /* Complete, but not shortest form, sequence. */
+--
+1.9.1
+
diff --git a/meta/recipes-extended/less/less_471.bb b/meta/recipes-extended/less/less_471.bb
index 81d354ccf0..72d256276b 100644
--- a/meta/recipes-extended/less/less_471.bb
+++ b/meta/recipes-extended/less/less_471.bb
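Review bot: The length argument added at the call in pappend() has no visible counterpart in the callee: the embedded diff in 0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch touches only line.c (`1 file changed, 1 insertion(+), 1 deletion(-)`), so the definition and declaration of is_utf8_well_formed stay as they are in less 471. If that function still takes a single argument there (it is not shown on this page), an old-style declaration would let `is_utf8_well_formed(mbc_buf, mbc_buf_index)` compile while the length is ignored, and the out-of-bounds read described in the commit message would remain. The backport should also carry the callee-side change that rejects a sequence longer than the supplied length, and be re-checked with the valgrind or Address Sanitizer run the message mentions. Separately, the header `Upstream Status: Backported` does not match the `Upstream-Status: Backport` form that OpenEmbedded patch-status checks look for. pappend's body continues outside the embedded hunk.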
@@ -24,7 +24,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ file://LICENSE;md5=866cc220f330b04ae4661fc3cdfedea7" DEPENDS = "ncurses" -SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz" +SRC_URI = "http://www.greenwoodsoftware.com/${BPN}/${BPN}-${PV}.tar.gz \ + file://0001-Fix-possible-buffer-overrun-with-invalid-UTF-8.patch \ + " SRC_URI[md5sum] = "9a40d29a2d84b41f9f36d7dd90b4f950" SRC_URI[sha256sum] = "37f613fa9a526378788d790a92217d59b523574cf7159f6538da8564b3fb27f8" |