[Debian-astro-commits] [wcstools] 04/04: Add patches for new crashes

Ole Streicher olebole at moszumanska.debian.org
Thu Jun 9 14:06:55 UTC 2016 

This is an automated email from the git hooks/post-receive script.

olebole pushed a commit to branch debian
in repository wcstools.

commit a6b5069ab26fdae7315469630f3b5ee2283a9eb2
Author: Ole Streicher <ole at aip.de>
Date:   Thu Jun 9 13:00:10 2016 +0200

    Add patches for new crashes
---
 .../patches/fix_additional_pointer_increase.patch  | 14 ++++++++++
 debian/patches/fix_compiler_warnings.patch         | 32 ++++++++++++++++++++++
 debian/patches/fix_ctype_copy_to_wcs.patch         | 19 +++++++++++++
 debian/patches/fix_off-by-one-allocation.patch     | 15 ++++++++++
 debian/patches/series                              |  3 ++
 5 files changed, 83 insertions(+)

diff --git a/debian/patches/fix_additional_pointer_increase.patch b/debian/patches/fix_additional_pointer_increase.patch
new file mode 100644
index 0000000..7d61f81
--- /dev/null
+++ b/debian/patches/fix_additional_pointer_increase.patch
@@ -0,0 +1,14 @@
+Author: Ole Streicher <olebole at debian.org>
+Description: Fix duplicate pointer increase
+ Otherwise, xborder1 may be zero, causing an illegal memory access later.
+--- a/libwcs/findstar.c
++++ b/libwcs/findstar.c
+@@ -212,7 +212,7 @@
+ 	tx1 = trimsec + 1;
+ 	tx2 = strchr (trimsec, ':');
+ 	*tx2 = (char) 0;
+-	xborder1 = atoi (tx1+1);
++	xborder1 = atoi (tx1);
+ 	tx2 = tx2 + 1;
+ 	tx3 = strchr (tx2, ',');
+ 	*tx3 = (char) 0;
diff --git a/debian/patches/fix_compiler_warnings.patch b/debian/patches/fix_compiler_warnings.patch
index 57bb8cb..9a7f3c8 100644
--- a/debian/patches/fix_compiler_warnings.patch
+++ b/debian/patches/fix_compiler_warnings.patch
@@ -11,3 +11,35 @@ Description: Fix some compiler warnings.
  		    strcat (headline, temp);
  		    }
  		else if (gcset)
+--- a/scat.c
++++ b/scat.c
+@@ -2495,7 +2495,7 @@
+ 			    printf ("	%5.1f	%5.1f	%2d	%2d",
+ 				    epmr, epmd, nim, nct);
+ 			else
+-			    printf (" %5.1f %5.1f $3d $3d",
++			    printf (" %5.1f %5.1f %3d %3d",
+ 				    epmr, epmd, nim, nct);
+ 			}
+ 		    if (refcat == UB1) {
+--- a/libwcs/webread.c
++++ b/libwcs/webread.c
+@@ -32,6 +32,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <string.h>
++#include <ctype.h>
+ #include <math.h>
+ #include "wcs.h"
+ #include "fitsfile.h"
+--- a/libwcs/imhfile.c
++++ b/libwcs/imhfile.c
+@@ -1075,7 +1075,7 @@
+ 
+ 	/* add name */
+ 	newpixname[len] = '\0';
+-	(void)strncat (newpixname, pixname, SZ_IM2PIXFILE);
++	(void)strncat (newpixname, pixname, SZ_IM2PIXFILE - len);
+ 	}
+ 
+     /* Pixel file has same name as header file, but with .pix extension */
diff --git a/debian/patches/fix_ctype_copy_to_wcs.patch b/debian/patches/fix_ctype_copy_to_wcs.patch
new file mode 100644
index 0000000..63a4730
--- /dev/null
+++ b/debian/patches/fix_ctype_copy_to_wcs.patch
@@ -0,0 +1,19 @@
+Author: Ole Streicher <olebole at debian.org>
+Description: Fix an off-by-one problem with strcpy
+ Sometimes a string is copied with the length of 8 into an char array with a
+ length of 8, as found in wcs.c, line 392: wcs->ptype is char[8], and ctype1
+ may be "DEC--TAN". This will cause an overwriting of the next entry, or if
+ this is protected (as in Debian) it will cause a crash.
+--- a/libwcs/wcs.c
++++ b/libwcs/wcs.c
+@@ -388,8 +388,8 @@
+     if (!strncmp (ctype1, "LONG",4))
+ 	strncpy (ctype1, "XLON",4);
+ 
+-    strcpy (wcs->ctype[0], ctype1);
+-    strcpy (wcs->ptype, ctype1);
++    strncpy (wcs->ctype[0], ctype1, 16);
++    strncpy (wcs->ptype, ctype1, 8);
+ 
+     /* Linear coordinates */
+     if (!strncmp (ctype1,"LINEAR",6)) {
diff --git a/debian/patches/fix_off-by-one-allocation.patch b/debian/patches/fix_off-by-one-allocation.patch
new file mode 100644
index 0000000..4a9ee80
--- /dev/null
+++ b/debian/patches/fix_off-by-one-allocation.patch
@@ -0,0 +1,15 @@
+Author: Ole Streicher <olebole at debian.org>
+Description: Fix an off-by-one memory allocation problem
+ in fitsfile.c, line 331, there is no space for a final '\0' byte
+ allocated. However, there is one expected in ksearch() (hget.c, line 1203).
+--- a/libwcs/fitsfile.c
++++ b/libwcs/fitsfile.c
+@@ -328,7 +328,7 @@
+ 		nbprim = nrec * FITSBLOCK;
+ 		headend = ksearch (header,"END");
+ 		lprim = headend + 80 - header;
+-		pheader = (char *) calloc ((unsigned int) nbprim, 1);
++		pheader = (char *) calloc ((unsigned int) nbprim+1, 1);
+ 		for (i = 0; i < lprim; i++)
+ 		    pheader[i] = header[i];
+ 		for (i = lprim; i < nbprim; i++)
diff --git a/debian/patches/series b/debian/patches/series
index 96ece76..446f7d9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,6 @@ fix_compiler_warnings.patch
 fix_wcsinit_crash.patch
 fix_sprintf.patch
 fix_RASortStars.patch
+fix_off-by-one-allocation.patch
+fix_ctype_copy_to_wcs.patch
+fix_additional_pointer_increase.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-astro/packages/wcstools.git

More information about the Debian-astro-commits mailing list