-rw-r--r--user/readstat/APKBUILD13
-rw-r--r--user/readstat/big-endian.patch76
-rw-r--r--user/readstat/buf-overflow.patch26
-rw-r--r--user/readstat/use-after-free.patch37
4 files changed, 149 insertions, 3 deletions
diff --git a/user/readstat/APKBUILD b/user/readstat/APKBUILD
index bb9926267..1ce3b3249 100644
--- a/user/readstat/APKBUILD
+++ b/user/readstat/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=readstat
-pkgver=1.1.8
+pkgver=1.1.9
pkgrel=0
pkgdesc="Command-line tool for converting stats package files"
url=" "
@@ -9,7 +9,11 @@ license="MIT"
depends=""
makedepends="zlib-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
-source="https://github.com/WizardMac/ReadStat/releases/download/v$pkgver/readstat-$pkgver.tar.gz"
+source="https://github.com/WizardMac/ReadStat/releases/download/v$pkgver/readstat-$pkgver.tar.gz
+ use-after-free.patch
+ buf-overflow.patch
+ big-endian.patch
+ "
build() {
./configure \
@@ -35,4 +39,7 @@ libs() {
default_libs
}
-sha512sums="0b6278c2f1acae2cb6c509dbf730b121e1d8cd6e53736f060c0b79ba5fbcf56e1c4ac39568d21e90f537a0bae0341d702421eb768d384f8891f6486b7c6c2f1f readstat-1.1.8.tar.gz"
+sha512sums="1034d2ca4f45a5b93ed1857b9176965a1584c042bfc2316cc93d0a80f589dc55ad6fe01036a6b9a4db36080b2a9876472f9016ce01e015692430dbeb7e26ece0 readstat-1.1.9.tar.gz
+b58b0b2d5da107048c4aedbb6a8a0cd7cd3710ac6e6cd5cb759fd149288da24fb2f52022586154eba42d32441ab5a6ec307f895af2875649bb57a4d0473d9a81 use-after-free.patch
+cfcad56dfe51b1454010e6cf15961816de8b60f1d5918638b8f1f208d18713db281eb1d915db4cd79fe11d28c82a1c3c23a1a05a079b4071ba2f61c1d0c74dbc buf-overflow.patch
+3aad51258a52c13c45bd94c7e12a9ae38923930f03dbbee650d489ef812999de82e8024ec5e74ca4ad191aa90b2c5d8dd983493121c9b874708b3f32419e1146 big-endian.patch"
diff --git a/user/readstat/big-endian.patch b/user/readstat/big-endian.patch
new file mode 100644
index 000000000..71f1db133
--- /dev/null
+++ b/user/readstat/big-endian.patch
@@ -0,0 +1,76 @@
+From 0034c8ee693563cbecae8fa8a24d3e8d5dcc6ab1 Mon Sep 17 00:00:00 2001
+From: Evan Miller <emmiller@gmail.com>
+Date: Sat, 4 May 2024 08:50:28 -0400
+Subject: [PATCH] [SAS7BCAT writer] big-endian architecture fix
+
+Closes #302
+---
+ src/sas/readstat_sas7bcat_write.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/sas/readstat_sas7bcat_write.c b/src/sas/readstat_sas7bcat_write.c
+index 6544798c..9642fdad 100644
+--- a/src/sas/readstat_sas7bcat_write.c
++++ b/src/sas/readstat_sas7bcat_write.c
+@@ -63,7 +63,8 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+
+ for (j=0; j<r_label_set->value_labels_count; j++) {
+ readstat_value_label_t *value_label = readstat_get_value_label(r_label_set, j);
+- lbp1[2] = 24; // size - 6
++ int16_t value_entry_len = 24; // size - 6
++ memcpy(&lbp1[2], &value_entry_len, sizeof(int16_t));
+ int32_t index = j;
+ memcpy(&lbp1[10], &index, sizeof(int32_t));
+ if (r_label_set->type == READSTAT_TYPE_STRING) {
+@@ -86,7 +87,7 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+ memcpy(&lbp2[8], &label_len, sizeof(int16_t));
+ memcpy(&lbp2[10], value_label->label, label_len);
+
+- lbp1 += 30;
++ lbp1 += 6 + value_entry_len;
+ lbp2 += 8 + 2 + value_label->label_len + 1;
+ }
+
+From 29aac3db79a5da20d1d1dcbb54a587c5ba51e7b3 Mon Sep 17 00:00:00 2001
+From: Evan Miller <emmiller@gmail.com>
+Date: Sat, 4 May 2024 10:35:27 -0400
+Subject: [PATCH] [SAS7BCAT writer] more big-endian fixes
+
+---
+ src/sas/readstat_sas7bcat_write.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/sas/readstat_sas7bcat_write.c b/src/sas/readstat_sas7bcat_write.c
+index 9642fda..c25fec0 100644
+--- a/src/sas/readstat_sas7bcat_write.c
++++ b/src/sas/readstat_sas7bcat_write.c
+@@ -46,7 +46,8 @@ static sas7bcat_block_t *sas7bcat_block_for_label_set(readstat_label_set_t *r_la
+ memcpy(&block->data[38], &count, sizeof(int32_t));
+ memcpy(&block->data[42], &count, sizeof(int32_t));
+ if (name_len > 8) {
+- block->data[2] = (char)0x80;
++ int16_t flags = 0x80;
++ memcpy(&block->data[2], &flags, sizeof(int16_t));
+ memcpy(&block->data[8], name, 8);
+
+ memset(&block->data[106], ' ', 32);
+@@ -139,16 +140,15 @@ static readstat_error_t sas7bcat_begin_data(void *writer_ctx) {
+
+ // Page 1
+ char *xlsr = &page[856];
+- int16_t block_idx, block_off;
+- block_idx = 4;
+- block_off = 16;
++ int32_t block_idx = 4;
++ int16_t block_off = 16;
+ for (i=0; i<writer->label_sets_count; i++) {
+ if (xlsr + 212 > page + hinfo->page_size)
+ break;
+
+ memcpy(&xlsr[0], "XLSR", 4);
+
+- memcpy(&xlsr[4], &block_idx, sizeof(int16_t));
++ memcpy(&xlsr[4], &block_idx, sizeof(int32_t));
+ memcpy(&xlsr[8], &block_off, sizeof(int16_t));
+
+ xlsr[50] = 'O';
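Review bot: Each new `memcpy` repeats the type in its size argument (`sizeof(int16_t)` for `value_entry_len` and `flags`, `sizeof(int32_t)` for `block_idx`), so the copy length and the variable's type have to be kept in sync by hand. The second commit shows the cost: widening `block_idx` meant editing both its declaration and its `memcpy`. Taking the size from the object, e.g. `memcpy(&xlsr[4], &block_idx, sizeof block_idx);`, removes that failure mode; a stale `sizeof(int16_t)` on a 32-bit variable would copy only the high-order bytes on a big-endian host. The fields are still written in host byte order, which presumably matches what the file header declares; a one-line comment saying so at the first `memcpy` would help. Both functions start and end outside the hunks shown.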
diff --git a/user/readstat/buf-overflow.patch b/user/readstat/buf-overflow.patch
new file mode 100644
index 000000000..f3766bb24
--- /dev/null
+++ b/user/readstat/buf-overflow.patch
@@ -0,0 +1,26 @@
+From c7baae72b36acdc24f56ad48d3e859850fdbdc2b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=A1bor=20Cs=C3=A1rdi?= <csardi.gabor@gmail.com>
+Date: Sat, 17 Feb 2024 21:23:14 +0100
+Subject: [PATCH] Fix a buffer overflow (#311)
+
+It happens if raw_str_used underflows and ends up a very large number,
+which is then used as the size of a string.
+
+Closes #285.
+---
+ src/spss/readstat_sav_read.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/spss/readstat_sav_read.c b/src/spss/readstat_sav_read.c
+index 7f49490..460bf07 100644
+--- a/src/spss/readstat_sav_read.c
++++ b/src/spss/readstat_sav_read.c
+@@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len
+ }
+ if (++offset == col_info->width) {
+ if (++segment_offset < var_info->n_segments) {
+- raw_str_used--;
++ if (raw_str_used > 0) raw_str_used--;
+ }
+ offset = 0;
+ col++;
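Review bot: The new guard `if (raw_str_used > 0) raw_str_used--;` stops the counter from wrapping, but parsing then continues on a row whose segment bookkeeping is already inconsistent, so a malformed file is silently accepted rather than rejected. The commit message says the value is later used as a string size; that consuming code is outside this hunk, and it should also bound the length against the destination buffer so the size is validated where it is used and not only where it is decremented. At minimum, add a comment on the guard, e.g. `/* malformed input can reach here with raw_str_used == 0; never let the counter wrap */`, and consider returning a parse error from sav_process_row in that case. A regression test built from the input reported in #285 would keep the fix from being lost.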
diff --git a/user/readstat/use-after-free.patch b/user/readstat/use-after-free.patch
new file mode 100644
index 000000000..70ea38ffd
--- /dev/null
+++ b/user/readstat/use-after-free.patch
@@ -0,0 +1,37 @@
+From 718d49155e327471ed9bf4a8c157f849f285b46c Mon Sep 17 00:00:00 2001
+From: Stefan Gerlach <stefan.gerlach@uni-konstanz.de>
+Date: Wed, 20 Sep 2023 15:18:07 +0200
+Subject: [PATCH] Fix use after free (#298)
+
+---
+ src/bin/readstat.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/readstat.c b/src/bin/readstat.c
+index 48b8fdd..e3fbbd1 100644
+--- a/src/bin/readstat.c
++++ b/src/bin/readstat.c
+@@ -397,8 +397,6 @@ static int convert_file(const char *input_filename, const char *catalog_filename
+ module->finish(rs_ctx->module_ctx);
+ }
+
+- free(rs_ctx);
+-
+ if (error != READSTAT_OK) {
+ if (file_exists) {
+ fprintf(stderr, "Error opening %s: File exists (Use -f to overwrite)\n", output_filename);
+@@ -406,9 +404,14 @@ static int convert_file(const char *input_filename, const char *catalog_filename
+ fprintf(stderr, "Error processing %s: %s\n", rs_ctx->error_filename, readstat_error_message(error));
+ unlink(output_filename);
+ }
++
++ free(rs_ctx);
++
+ return 1;
+ }
+
++ free(rs_ctx);
++
+ return 0;
+ }
+
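Review bot: The fix leaves two separate `free(rs_ctx)` calls, one before `return 1` and one before `return 0`. Any exit path added later has to remember its own free, and any new use of `rs_ctx` placed after either call reintroduces the use-after-free. A single exit keeps the release in one place: set a local such as `ret = 1;` inside the error branch and end the function with `free(rs_ctx); return ret;`. convert_file begins outside the hunk, so earlier return paths could not be checked for leaks of `rs_ctx`.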