[Libreoffice-commits] .: icu/icu4c-buffer-overflow.patch icu/makefile.mk

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Sun Dec 23 04:33:42 PST 2012 

 icu/icu4c-buffer-overflow.patch |   29 +++++++++++++++++++++++++++++
 icu/makefile.mk                 |    1 +
 2 files changed, 30 insertions(+)

New commits:
commit 80af815ce0e4453a1960c39aaa8ebb4f5e412136
Author: Tomáš Chvátal <tchvatal at suse.cz>
Date:   Sun Dec 23 13:21:27 2012 +0100

    Add icu patch to avoid buffer overflow, taken from obs
    
    Change-Id: I42ae81279fedca04b7ba08269a6c47f174cf6b01

diff --git a/icu/icu4c-buffer-overflow.patch b/icu/icu4c-buffer-overflow.patch
new file mode 100644
index 0000000..1f3d2ca
--- /dev/null
+++ b/icu/icu4c-buffer-overflow.patch
@@ -0,0 +1,29 @@
+I: Statement might be overflowing a buffer in strncat. Common mistake:
+   BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
+   GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
+E: icu bufferoverflowstrncat pkgdata.cpp:299:87
+
+---
+ source/tools/pkgdata/pkgdata.cpp |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: icu/source/tools/pkgdata/pkgdata.cpp
+===================================================================
+--- icu.orig/source/tools/pkgdata/pkgdata.cpp
++++ icu/source/tools/pkgdata/pkgdata.cpp
+@@ -1914,12 +1914,12 @@ static void loadLists(UPKGOptions *o, UE
+     const char cmd[] = "icu-config --incpkgdatafile";
+ 
+     /* #1 try the same path where pkgdata was called from. */
+-    findDirname(progname, cmdBuf, 1024, &status);
++    findDirname(progname, cmdBuf, sizeof(cmdBuf), &status);
+     if(U_SUCCESS(status)) {
+       if (cmdBuf[0] != 0) {
+-          uprv_strncat(cmdBuf, U_FILE_SEP_STRING, 1024);
++          uprv_strncat(cmdBuf, U_FILE_SEP_STRING, sizeof(cmdBuf)-1-strlen(cmdBuf));
+       }
+-      uprv_strncat(cmdBuf, cmd, 1024);
++      uprv_strncat(cmdBuf, cmd, sizeof(cmdBuf)-1-strlen(cmdBuf));
+       
+       if(verbose) {
+         fprintf(stdout, "# Calling icu-config: %s\n", cmdBuf);
diff --git a/icu/makefile.mk b/icu/makefile.mk
index 2d50a24..5494fa5 100644
--- a/icu/makefile.mk
+++ b/icu/makefile.mk
@@ -57,6 +57,7 @@ PATCH_FILES=\
     icu4c-macosx.patch \
     icu4c-solarisgcc.patch \
     icu4c-mkdir.patch \
+    icu4c-buffer-overflow.patch \
 
 .IF "$(OS)"=="ANDROID"
 PATCH_FILES+=\

More information about the Libreoffice-commits mailing list