From 1f26599f9e4fe80694ea448df58268a8eca39fef Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Sat, 28 Jul 2018 19:14:00 -0500 Subject: system/pkgconf: fix tuple error --- ...-Ensure-buf-length-is-always-1-in-dequote.patch | 53 ++++++++++++++++++++++ system/pkgconf/APKBUILD | 10 ++-- 2 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch (limited to 'system') diff --git a/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch b/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch new file mode 100644 index 000000000..d1a423391 --- /dev/null +++ b/system/pkgconf/0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch @@ -0,0 +1,53 @@ +From 9b7affe0b1e6512c6c73d19e1220c94fdb5c8159 Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" +Date: Sat, 28 Jul 2018 19:06:33 -0500 +Subject: [PATCH] tuple: Ensure buf length is always >= 1 in dequote +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If a key is defined with no value, dequote will allocate a buffer with a +length of 0. Since the buffer's length is 0, any manipulation of its +content is UB. + +Example .pc file: + +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +xcflags= +xlibs= -lSM -lICE -lX11 + +Name: Obt +Description: Openbox Toolkit Library +Version: 3.6 +Requires: glib-2.0 libxml-2.0 +Libs: -L${libdir} -lobt ${xlibs} +Cflags: -I${includedir}/openbox/3.6 ${xcflags} + +Output using pkgconf 1.5.2 on x86_64 Linux/musl: + +% pkgconf --cflags obt-3.5 +-I/usr/include/openbox/3.6 \�\\�I\�\ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2 +--- + libpkgconf/tuple.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libpkgconf/tuple.c b/libpkgconf/tuple.c +index 26dc5d5..8523709 100644 +--- a/libpkgconf/tuple.c ++++ b/libpkgconf/tuple.c +@@ -139,7 +139,7 @@ pkgconf_tuple_find_delete(pkgconf_list_t *list, const char *key) + static char * + dequote(const char *value) + { +- char *buf = calloc(strlen(value) * 2, 1); ++ char *buf = calloc((strlen(value) + 1) * 2, 1); + char *bptr = buf; + const char *i; + char quote = 0; +-- +2.17.1 + diff --git a/system/pkgconf/APKBUILD b/system/pkgconf/APKBUILD index a2e2f3b32..fd401ee2c 100644 --- a/system/pkgconf/APKBUILD +++ b/system/pkgconf/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: William Pitcock pkgname=pkgconf -pkgver=1.5.1 +pkgver=1.5.2 pkgrel=0 pkgdesc="development framework configuration tools" url="https://git.dereferenced.org/pkgconf/pkgconf/" @@ -8,10 +8,11 @@ arch="all" license="ISC" replaces="pkgconfig" provides="pkgconfig=1" -source="https://distfiles.dereferenced.org/pkgconf/pkgconf-$pkgver.tar.xz" subpackages="$pkgname-doc $pkgname-dev" checkdepends="kyua atf" -builddir="$srcdir/$pkgname-$pkgver" +source="https://distfiles.dereferenced.org/pkgconf/pkgconf-$pkgver.tar.xz + 0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch + " build() { cd "$builddir" @@ -50,4 +51,5 @@ dev() { mv "$subpkgdir"/usr/share/aclocal/pkg.m4 "$pkgdir"/usr/share/aclocal/ } -sha512sums="a2e7a675fed6600fd38d90a98fa8295e1b79b4dd018f544ca777caf8cf6687029d0925ef33a08dd7815d5d3cad835bb9b70ab3161b6e083965fa60652661955a pkgconf-1.5.1.tar.xz" +sha512sums="2f4eee60f677599d7c1d230050b7044d6919c460a409d79f51335efe358aeaf29f362249ad5986de947c2cb24032a6da641361b47216ff1d91d7371cec5d512c pkgconf-1.5.2.tar.xz +0044dd942a4893c1ec2f905133b0c1568f757b2e4e585fc113328b607f1e1d32eb2c7ccc62b8ddb445a18c076a694239875ce4aa380a628d21ebcc6aab4b8a40 0001-tuple-Ensure-buf-length-is-always-1-in-dequote.patch" -- cgit v1.2.3-60-g2f50