void-packages/srcpkgs/libspiro/patches/CVE-2019-19847.patch

64 lines
2.3 KiB
Diff
Raw Normal View History

From 35233450c922787dad42321e359e5229ff470a1e Mon Sep 17 00:00:00 2001
From: Joe Da Silva <digital@joescat.com>
Date: Sat, 21 Dec 2019 13:10:22 -0800
Subject: [PATCH] CVE-2019-19847, Stack-based buffer overflow in the
spiro_to_bpath0()
Frederic Cambus (@fcambus) discovered a bug in call-test.c using:
./configure CFLAGS="-fsanitize=address"
make
./tests/call-test[14,15,16,17,18,19]
Fredrick Brennan (@ctrlcctrlv) provided bugfix. See issue #21
---
configure.ac | 7 ++++++-
tests/call-test.c | 4 ++--
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git configure.ac configure.ac
index 8a44d04..e77ce17 100644
--- configure.ac
+++ configure.ac
@@ -50,7 +50,7 @@ m4_define([spiro_age], [0])
m4_define([spiro_libver],[spiro_current:spiro_revision:spiro_age])
m4_define([spiro_package_name], [libspiro])
-
+
AC_INIT([spiro],[spiro_package_stamp],[fontforge-devel@lists.sourceforge.net],
[spiro_package_name],[https://github.com/fontforge/libspiro])
@@ -236,6 +236,11 @@ dnl AX_CHECK_COMPILE_FLAG([-Wcast-qual],[WCFLAGS="$WCFLAGS -Wcast-qual"])
dnl AX_CHECK_COMPILE_FLAG([-Wcast-align],[WCFLAGS="$WCFLAGS -Wcast-align"])
dnl AX_CHECK_COMPILE_FLAG([-Wpadded],[WCFLAGS="$WCFLAGS -Wpadded"])
dnl AX_CHECK_COMPILE_FLAG([-Woverlength-strings],[WCFLAGS="$WCFLAGS -Woverlength-strings"])
+
+dnl NOTE: -fsanitize has to be first library
+dnl and will also conflict with other checks
+dnl like valgrind due to similar test checks
+dnl AX_CHECK_COMPILE_FLAG([-fsanitize=address],[CFLAGS=" -fsanitize=address $CFLAGS"])
AC_LANG_POP
# Skip if replacing with LS_LIB instead.
WLSLIB=""
diff --git tests/call-test.c tests/call-test.c
index c27d41a..76ee12d 100644
--- tests/call-test.c
+++ tests/call-test.c
@@ -536,7 +536,7 @@ bezctx *new_bezctx_test(void) {
int test_curve(int c) {
spiro_cp spiro[16];
int nextknot[17];
- double d[5];
+ double d[6];
spiro_seg *segs = NULL;
bezctx *bc;
rs_check_vals *rsp;
@@ -545,7 +545,7 @@ int test_curve(int c) {
/* Load sample data so that we can see if library is callable */
load_test_curve(spiro,nextknot,c);
- d[0] = 1.; d[1] = d[1] = 0.;
+ d[0] = 1.; d[1] = d[2] = 0.;
#if defined(DO_CALL_TEST20)
/* check if spiro values are reversed correctly on input path */
printf("---\ntesting spiroreverse() using data=path%d[].\n",c);