From ff76a7da41f04705d86d0e44587adcc046243aa9 Mon Sep 17 00:00:00 2001 From: Tim Jackson Date: Wed, 2 Feb 2011 17:33:18 +0000 Subject: [PATCH] Fix common hdspmixer crash (RHBZ #656514) --- alsa-tools-1.0.23-hdspmixer-crash.patch | 60 +++++++++++++++++++++++++ alsa-tools.spec | 7 ++- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 alsa-tools-1.0.23-hdspmixer-crash.patch diff --git a/alsa-tools-1.0.23-hdspmixer-crash.patch b/alsa-tools-1.0.23-hdspmixer-crash.patch new file mode 100644 index 0000000..3991211 --- /dev/null +++ b/alsa-tools-1.0.23-hdspmixer-crash.patch @@ -0,0 +1,60 @@ +From: Georg Rudolph +Date: Sat, 15 May 2010 07:37:34 +0000 (+0200) +Subject: hdspmixer: Fix buffer overflow +X-Git-Url: http://git.alsa-project.org/?p=alsa-tools.git;a=commitdiff_plain;h=6af304794723756865caee73593f13bd11a63450 + +hdspmixer: Fix buffer overflow + +A one off string buffer overflow fixed by handling it properly with +string stream. + +Signed-off-by: Georg Rudolph +Signed-off-by: Jaroslav Kysela +--- + +diff --git a/hdspmixer/src/HDSPMixerIOMixer.cxx b/hdspmixer/src/HDSPMixerIOMixer.cxx +index a431de5..a81f4a2 100644 +--- a/hdspmixer/src/HDSPMixerIOMixer.cxx ++++ b/hdspmixer/src/HDSPMixerIOMixer.cxx +@@ -25,9 +25,9 @@ HDSPMixerIOMixer::HDSPMixerIOMixer(int x, int y, int w, int h, int ch, int type) + { + mixer_type = type; + if (type) { +- sprintf(channel_name, "Out %d", ch); ++ channel_name << "Out " << ch; + } else { +- sprintf(channel_name, "In %d", ch); ++ channel_name << "In " << ch; + } + channel_num = ch; + if (channel_num%2) { +@@ -73,7 +73,7 @@ void HDSPMixerIOMixer::draw() + draw_background(); + fl_color(FL_BLACK); + fl_font(FL_HELVETICA, 8); +- fl_draw(channel_name, x()+4, y()+225, 27, 9, FL_ALIGN_CENTER); ++ fl_draw(channel_name.str().c_str(), x()+4, y()+225, 27, 9, FL_ALIGN_CENTER); + for (int i=children(); i--;) { + Fl_Widget& o = **a++; + draw_child(o); +diff --git a/hdspmixer/src/HDSPMixerIOMixer.h b/hdspmixer/src/HDSPMixerIOMixer.h +index 6286daf..a9a35de 100644 +--- a/hdspmixer/src/HDSPMixerIOMixer.h ++++ b/hdspmixer/src/HDSPMixerIOMixer.h +@@ -36,6 +36,7 @@ + #include "HDSPMixerStripData.h" + #include "HDSPMixerMeter.h" + #include "pixmaps.h" ++#include + + class HDSPMixerWindow; + class HDSPMixerSelector; +@@ -52,7 +53,7 @@ class HDSPMixerIOMixer:public Fl_Group + private: + char **p_iomixer_xpm; + int channel_num, relative_num, mixer_type; +- char channel_name[6]; ++ std::stringstream channel_name; + void update_child(Fl_Widget &widget); + public: + HDSPMixerStripData *data[3][3][8]; /* data[card][mode(ss/ds/qs)][preset number] */ diff --git a/alsa-tools.spec b/alsa-tools.spec index de04796..6c93da5 100644 --- a/alsa-tools.spec +++ b/alsa-tools.spec @@ -23,7 +23,7 @@ Summary: Specialist tools for ALSA Name: alsa-tools Version: 1.0.23 -Release: 1%{?dist} +Release: 2%{?dist} # Checked at least one source file from all the sub-projects contained in # the source tarball and they are consistent GPLv2+ - TJ 2007-11-15 @@ -43,6 +43,7 @@ Source5: 90-alsa-tools-firmware.rules # http://www.openclipart.org/detail/17428 Source6: hwmixvolume.png Source7: hwmixvolume.desktop +Patch0: alsa-tools-1.0.23-hdspmixer-crash.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: alsa-lib-devel >= %{version} %if 0%{!?_without_tools:1} @@ -95,6 +96,7 @@ The following tools are available: %prep %setup -q -n %{name}-%{version} +%patch0 -p1 %build @@ -232,6 +234,9 @@ install -m 644 %{SOURCE5} ${RPM_BUILD_ROOT}%{_sysconfdir}/udev/rules.d %endif %changelog +* Wed Feb 02 2011 Tim Jackson - 1.0.23-2 +- Fix common hdspmixer crash (#656514) + * Mon May 03 2010 Tom "spot" Callaway - 1.0.23-1 - update to 1.0.23