From 1f26599f9e4fe80694ea448df58268a8eca39fef Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Sat, 28 Jul 2018 19:14:00 -0500 Subject: system/pkgconf: fix tuple error --- ...-Ensure-buf-length-is-always-1-in-dequote.patch | 53 ++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch (limited to 'system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch') diff --git a/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch b/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch new file mode 100644 index 000000000..d1a423391 --- /dev/null +++ b/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch @@ -0,0 +1,53 @@ +From 9b7affe0b1e6512c6c73d19e1220c94fdb5c8159 Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" +Date: Sat, 28 Jul 2018 19:06:33 -0500 +Subject: [PATCH] tuple: Ensure buf length is always >= 1 in dequote +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If a key is defined with no value, dequote will allocate a buffer with a +length of 0. Since the buffer's length is 0, any manipulation of its +content is UB. + +Example .pc file: + +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +xcflags= +xlibs= -lSM -lICE -lX11 + +Name: Obt +Description: Openbox Toolkit Library +Version: 3.6 +Requires: glib-2.0 libxml-2.0 +Libs: -L${libdir} -lobt ${xlibs} +Cflags: -I${includedir}/openbox/3.6 ${xcflags} + +Output using pkgconf 1.5.2 on x86_64 Linux/musl: + +% pkgconf --cflags obt-3.5 +-I/usr/include/openbox/3.6 \�\\�I\�\ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2 +--- + libpkgconf/tuple.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libpkgconf/tuple.c b/libpkgconf/tuple.c +index 26dc5d5..8523709 100644 +--- a/libpkgconf/tuple.c ++++ b/libpkgconf/tuple.c +@@ -139,7 +139,7 @@ pkgconf_tuple_find_delete(pkgconf_list_t *list, const char *key) + static char * + dequote(const char *value) + { +- char *buf = calloc(strlen(value) * 2, 1); ++ char *buf = calloc((strlen(value) + 1) * 2, 1); + char *bptr = buf; + const char *i; + char quote = 0; +-- +2.17.1 + -- cgit v1.2.3-70-g09d2