[beignet] 03/03: Fix buffer overflow in error handling

[Rebecca Palmer]

This is an automated email from the git hooks/post-receive script.

rnpalmer-guest pushed a commit to branch master
in repository beignet.

commit 67fd5e75cf950c7b352a9be8408d4d8cfc894ac9
Author: Rebecca N. Palmer <rebecca_palmer at zoho.com>
Date:   Thu Feb 26 14:47:38 2015 +0000

    Fix buffer overflow in error handling
---
 debian/changelog                         |  3 ++-
 debian/patches/fix-buffer-overflow.patch | 31 +++++++++++++++++++++++++++++++
 debian/patches/series                    |  1 +
 3 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index dd42120..179eef0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
-beignet (1.0.1-3) UNRELEASED; urgency=medium
+beignet (1.0.1-3) experimental; urgency=medium
 
   * Fix two crashes on unsupported hardware.  (Closes: #779213)
+  * Fix buffer overflow in error handling.
 
  -- Rebecca N. Palmer <rebecca_palmer at zoho.com>  Thu, 26 Feb 2015 14:39:00 +0000
 
diff --git a/debian/patches/fix-buffer-overflow.patch b/debian/patches/fix-buffer-overflow.patch
new file mode 100644
index 0000000..e41fea0
--- /dev/null
+++ b/debian/patches/fix-buffer-overflow.patch
@@ -0,0 +1,31 @@
+Description: Correct the error llvm link msg copy
+
+in function genProgramLinkFromLLVM.
+
+Use strncpy to avoid overflow and need return errSize.
+
+Origin: upstream 1c24f07213bcf302ffd6cc751f575dba10f1518d
+Author: Yang Rong <rong.r.yang at intel.com>, Rebecca Palmer <rebecca_palmer at zoho.com>
+
+diff --git a/backend/src/backend/gen_program.cpp b/backend/src/backend/gen_program.cpp
+index 6ad5eef..1b296fb 100644
+--- a/backend/src/backend/gen_program.cpp
++++ b/backend/src/backend/gen_program.cpp
+@@ -384,10 +384,9 @@ namespace gbe {
+                                  &errMsg);
+       if (errMsg.c_str() != NULL) {
+         if (err != NULL && errSize != NULL && stringSize > 0u) {
+-          if(errMsg.length() < stringSize )
+-            stringSize = errMsg.length();
+-          strcpy(err, errMsg.c_str());
+-          err[stringSize+1] = '\0';
++          strncpy(err, errMsg.c_str(), stringSize-1);
++          err[stringSize-1] = '\0';
++          *errSize = strlen(err);
+         }
+       }
+     }
+-- 
+cgit v0.10.2
+
+
diff --git a/debian/patches/series b/debian/patches/series
index ef67592..d660eda 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ remove-unsafe-define-D__-USER-__.patch
 force-llvm-3.5.patch
 fixcrash-24b2ad.patch
 fixcrash-779213.patch
+fix-buffer-overflow.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opencl/beignet.git