rpms/coreutils
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Resolves: #1259942 - fix memory leak in sort/I18N

Browse source 
Patches written by Pádraig.

Note that the corresponding i18n/sort-month test was not included
because it breaks unless sort is compiled -Dlint and we do not want
to decrease performance of the resulting RPMs (and valgrind is not
installed in production buildroots anyway).
This commit is contained in:
Kamil Dudka 2015-09-16 19:58:21 +02:00
commit fc04e600ea
2 changed files with 48 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

67
coreutils-i18n.patch
View file

@ -3047,8 +3047,8 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
+ register int lo = 0, hi = MONTHS_PER_YEAR, result;
+ char *tmp;
+ size_t wclength, mblength;
+ const char **pp;
+ const wchar_t **wpp;
+ const char *pp;
+ const wchar_t *wpp;
+ wchar_t *month_wcs;
+ mbstate_t state;
+
@ -3061,17 +3061,19 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
+ if (len == 0)
+ return 0;
+
+ month = (char *) xmalloc (len + 1);
+ if (SIZE_MAX - len < 1)
+ xalloc_die ();
+
+ tmp = (char *) xmalloc (len + 1);
+ month = (char *) xnmalloc (len + 1, MB_CUR_MAX);
+
+ pp = tmp = (char *) xnmalloc (len + 1, MB_CUR_MAX);
+ memcpy (tmp, s, len);
+ tmp[len] = '\0';
+ pp = (const char **)&tmp;
+ month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t));
+ memset (&state, '\0', sizeof(mbstate_t));
+ wpp = month_wcs = (wchar_t *) xnmalloc (len + 1, sizeof (wchar_t));
+ memset (&state, '\0', sizeof (mbstate_t));
+
+ wclength = mbsrtowcs (month_wcs, pp, len + 1, &state);
+ if (wclength == (size_t)-1 || *pp != NULL)
+ wclength = mbsrtowcs (month_wcs, &pp, len + 1, &state);
+ if (wclength == (size_t)-1 || pp != NULL)
+ error (SORT_FAILURE, 0, _("Invalid multibyte input %s."), quote(s));
+
+ for (i = 0; i < wclength; i++)
@ -3084,10 +3086,8 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
+ }
+ }
+
+ wpp = (const wchar_t **)&month_wcs;
+
+ mblength = wcsrtombs (month, wpp, len + 1, &state);
+ assert (mblength != (-1) && *wpp == NULL);
+ mblength = wcsrtombs (month, &wpp, (len + 1) * MB_CUR_MAX, &state);
+ assert (mblength != (-1) && wpp == NULL);
+
+ do
+ {
@ -3132,7 +3132,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
else if (key->random)
diff = compare_random (ta, tlena, tb, tlenb);
else if (key->version)
@@ -2694,6 +3134,211 @@ keycompare (struct line const *a, struct
@@ -2695,6 +3135,211 @@ keycompare (struct line const *a, struct line const *b)
return key->reverse ? -diff : diff;
}
@ -3344,7 +3344,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
/* Compare two lines A and B, returning negative, zero, or positive
depending on whether A compares less than, equal to, or greater than B. */
@@ -2722,7 +3347,7 @@ compare (struct line const *a, struct li
@@ -2722,7 +3367,7 @@ compare (struct line const *a, struct line const *b)
diff = - NONZERO (blen);
else if (blen == 0)
diff = 1;
@ -3353,7 +3353,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
{
/* Note xmemcoll0 is a performance enhancement as
it will not unconditionally write '\0' after the
@@ -4121,6 +4746,7 @@ set_ordering (char const *s, struct keyf
@@ -4121,6 +4766,7 @@ set_ordering (char const *s, struct keyfield *key, enum blanktype blanktype)
break;
case 'f':
key->translate = fold_toupper;
@ -3361,7 +3361,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
break;
case 'g':
key->general_numeric = true;
@@ -4198,7 +4824,7 @@ main (int argc, char **argv)
@@ -4198,7 +4844,7 @@ main (int argc, char **argv)
initialize_exit_failure (SORT_FAILURE);
hard_LC_COLLATE = hard_locale (LC_COLLATE);
@ -3370,7 +3370,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
hard_LC_TIME = hard_locale (LC_TIME);
#endif
@@ -4219,6 +4845,29 @@ main (int argc, char **argv)
@@ -4219,6 +4865,29 @@ main (int argc, char **argv)
thousands_sep = -1;
}
@ -3400,7 +3400,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
have_read_stdin = false;
inittables ();
@@ -4493,13 +5142,34 @@ main (int argc, char **argv)
@@ -4493,13 +5162,34 @@ main (int argc, char **argv)
case 't':
{
@ -3439,7 +3439,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
else
{
/* Provoke with 'sort -txx'. Complain about
@@ -4510,9 +5180,12 @@ main (int argc, char **argv)
@@ -4510,9 +5200,12 @@ main (int argc, char **argv)
quote (optarg));
}
}
@ -3454,6 +3454,33 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
}
break;
@@ -4682,10 +5375,10 @@ main (int argc, char **argv)
if (nfiles == 0)
{
- static char *minus = (char *) "-";
nfiles = 1;
free (files);
- files = &minus;
+ files = xmalloc (sizeof *files);
+ *files = (char *) "-";
}
/* Need to re-check that we meet the minimum requirement for memory
@@ -4743,6 +5436,13 @@ main (int argc, char **argv)
sort (files, nfiles, outfile, nthreads);
}
+#ifdef lint
+ if (files_from)
+ readtokens0_free (&tok);
+ else
+ free (files);
+#endif
+
if (have_read_stdin && fclose (stdin) == EOF)
die (_("close failed"), "-");
diff -urNp coreutils-8.23-orig/tests/i18n/sort.sh coreutils-8.23/tests/i18n/sort.sh
--- coreutils-8.23-orig/tests/i18n/sort.sh 1970-01-01 01:00:00.000000000 +0100
+++ coreutils-8.23/tests/i18n/sort.sh 2014-07-22 13:45:52.733652016 +0200

1
coreutils.spec
View file

@ -374,6 +374,7 @@ fi
%changelog
* Wed Sep 16 2015 Kamil Dudka <kdudka@redhat.com> - 8.23-11
- fix memory leak in sort/I18N (patches written by Pádraig, #1259942)
- use newer version of sort/I18N fix for CVE-2015-4041 and CVE-2015-4042
- call utilities in colorls.* scripts with full path (#1222140)