[beignet] 03/03: Fix buffer overflow in error handling
Rebecca Palmer
rnpalmer-guest at moszumanska.debian.org
Thu Feb 26 16:37:40 UTC 2015
This is an automated email from the git hooks/post-receive script.
rnpalmer-guest pushed a commit to branch master
in repository beignet.
commit 67fd5e75cf950c7b352a9be8408d4d8cfc894ac9
Author: Rebecca N. Palmer <rebecca_palmer at zoho.com>
Date: Thu Feb 26 14:47:38 2015 +0000
Fix buffer overflow in error handling
---
debian/changelog | 3 ++-
debian/patches/fix-buffer-overflow.patch | 31 +++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index dd42120..179eef0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
-beignet (1.0.1-3) UNRELEASED; urgency=medium
+beignet (1.0.1-3) experimental; urgency=medium
* Fix two crashes on unsupported hardware. (Closes: #779213)
+ * Fix buffer overflow in error handling.
-- Rebecca N. Palmer <rebecca_palmer at zoho.com> Thu, 26 Feb 2015 14:39:00 +0000
diff --git a/debian/patches/fix-buffer-overflow.patch b/debian/patches/fix-buffer-overflow.patch
new file mode 100644
index 0000000..e41fea0
--- /dev/null
+++ b/debian/patches/fix-buffer-overflow.patch
@@ -0,0 +1,31 @@
+Description: Correct the error llvm link msg copy
+
+in function genProgramLinkFromLLVM.
+
+Use strncpy to avoid overflow and need return errSize.
+
+Origin: upstream 1c24f07213bcf302ffd6cc751f575dba10f1518d
+Author: Yang Rong <rong.r.yang at intel.com>, Rebecca Palmer <rebecca_palmer at zoho.com>
+
+diff --git a/backend/src/backend/gen_program.cpp b/backend/src/backend/gen_program.cpp
+index 6ad5eef..1b296fb 100644
+--- a/backend/src/backend/gen_program.cpp
++++ b/backend/src/backend/gen_program.cpp
+@@ -384,10 +384,9 @@ namespace gbe {
+ &errMsg);
+ if (errMsg.c_str() != NULL) {
+ if (err != NULL && errSize != NULL && stringSize > 0u) {
+- if(errMsg.length() < stringSize )
+- stringSize = errMsg.length();
+- strcpy(err, errMsg.c_str());
+- err[stringSize+1] = '\0';
++ strncpy(err, errMsg.c_str(), stringSize-1);
++ err[stringSize-1] = '\0';
++ *errSize = strlen(err);
+ }
+ }
+ }
+--
+cgit v0.10.2
+
+
diff --git a/debian/patches/series b/debian/patches/series
index ef67592..d660eda 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ remove-unsafe-define-D__-USER-__.patch
force-llvm-3.5.patch
fixcrash-24b2ad.patch
fixcrash-779213.patch
+fix-buffer-overflow.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opencl/beignet.git
More information about the Pkg-opencl-commits
mailing list