[cpl] 01/01: Fix cpl_table crash found with sanitize

Ole Streicher olebole at moszumanska.debian.org
Mon Apr 27 08:31:30 UTC 2015


This is an automated email from the git hooks/post-receive script.

olebole pushed a commit to branch debian
in repository cpl.

commit a9d335caf1d3eaa56308bbb7d738822c03c50d95
Author: Ole Streicher <debian at liska.ath.cx>
Date:   Mon Apr 27 10:31:07 2015 +0200

    Fix cpl_table crash found with sanitize
---
 debian/patches/fix_cpltable.patch | 38 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series             |  1 +
 2 files changed, 39 insertions(+)

diff --git a/debian/patches/fix_cpltable.patch b/debian/patches/fix_cpltable.patch
new file mode 100644
index 0000000..d84df53
--- /dev/null
+++ b/debian/patches/fix_cpltable.patch
@@ -0,0 +1,38 @@
+Author: Ole Streicher <olebole at debian.org>
+Description: Fix cpl_table crash found with sanitize
+ Don't try to process sdata[j] past the terminating '\0' character.
+ This fixes the following crash:
+ .
+  ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fc23ba80ca1 at pc 0x7fc23b96173f bp 0x7fff53ff6e90 sp 0x7fff53ff6e88
+  READ of size 1 at 0x7fc23ba80ca1 thread T0
+    #0 0x7fc23b96173e in _cpl_table_save_legacy cplcore/cpl_table.c:25999
+    #1 0x7fc23b96ad9f in cpl_table_save cplcore/cpl_table.c:31602
+    #2 0x41206e in cpl_table_test_main cplcore/tests/cpl_table-test.c:812
+    #3 0x404657 in main cplcore/tests/cpl_table-test.c:216
+    #4 0x7fc23a499b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
+    #5 0x404568 (cplcore/tests/.libs/lt-cpl_table-test+0x404568)
+ .
+  0x7fc23ba80ca1 is located 63 bytes to the left of global variable '*.LC54' from 'cpl_table.c' (0x7fc23ba80ce0) of size 7
+  '*.LC54' is ascii string '%lld%c'
+  0x7fc23ba80ca1 is located 0 bytes to the right of global variable '*.LC53' from 'cpl_table.c' (0x7fc23ba80ca0) of size 1
+  '*.LC53' is ascii string ''
+--- a/cplcore/cpl_table.c
++++ b/cplcore/cpl_table.c
+@@ -25996,7 +25996,7 @@
+                             for (m = 0, j = 0; j < depth; j++) {
+                                 eccolo = 0;
+                                 for (n = 0; n < field_size; n++, m++) {
+-                                    if (sdata[j][n] == '\0') {
++                                    if (!eccolo && (sdata[j][n] == '\0')) {
+                                         eccolo = 1;
+                                     }
+                                     if (eccolo) {
+@@ -29281,7 +29281,7 @@
+                         for (m = 0, j = 0; j < depth; j++) {
+                             eccolo = 0;
+                             for (n = 0; n < field_size; n++, m++) {
+-                                 if (sdata[j][n] == '\0') {
++				if (!eccolo && (sdata[j][n] == '\0')) {
+                                      eccolo = 1;
+                                  }
+                                  if (eccolo) {
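
Review bot: In the second cpl_table.c hunk (@@ -29281), the added line `if (!eccolo && (sdata[j][n] == '\0')) {` is indented with tabs, while the line it replaces and the context lines around it use spaces, so it no longer lines up with the `eccolo = 1;` body below it. Re-indent it with spaces, as in the first hunk. At both sites the fix relies on `&&` short-circuiting to skip the read of sdata[j][n] once eccolo is set, while the inner loop still runs n up to field_size. A one-line source comment saying so would keep a later cleanup from reordering or dropping the guard. The patch header has only Author and Description. A DEP-3 `Forwarded:` field would record whether this has been sent upstream.
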
diff --git a/debian/patches/series b/debian/patches/series
index d365b07..2be7f9e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ no_compiletime_cpucheck.patch
 fix_required_versions.patch
 serial-tests
 reproducible_build.patch
+fix_cpltable.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-astro/packages/cpl.git


