[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-4-1-6+backports' - liborcus/0001-Prevent-infinite-loop-in-case-the-magic-number-is-no.patch.1 liborcus/0002-throw-an-exception-instead-of-asserting-on-invalid-i.patch.1 liborcus/0003-protect-the-self-closing-xml-element-code-against-se.patch.1 liborcus/UnpackedTarball_liborcus.mk
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Fri Aug 17 13:37:20 UTC 2018
liborcus/0001-Prevent-infinite-loop-in-case-the-magic-number-is-no.patch.1 | 27 +++++++
liborcus/0002-throw-an-exception-instead-of-asserting-on-invalid-i.patch.1 | 30 ++++++++
liborcus/0003-protect-the-self-closing-xml-element-code-against-se.patch.1 | 35 ++++++++++
liborcus/UnpackedTarball_liborcus.mk | 5 +
4 files changed, 97 insertions(+)
New commits:
commit 4a9fed87350422091c04e4dd7283d024040126eb
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
AuthorDate: Fri Aug 17 15:36:07 2018 +0200
Commit: Thorsten Behrens <Thorsten.Behrens at CIB.de>
CommitDate: Fri Aug 17 15:36:07 2018 +0200
liborcus: backport fixes from upstream
Since we're functionally stuck on the 0.5.x version here, backport
relevant fixes from the upstream project.
Change-Id: I1531682ec3ec7a22d4cf721fc7bf85a57073ca8e
diff --git a/liborcus/0001-Prevent-infinite-loop-in-case-the-magic-number-is-no.patch.1 b/liborcus/0001-Prevent-infinite-loop-in-case-the-magic-number-is-no.patch.1
new file mode 100644
index 000000000000..9b18008ba959
--- /dev/null
+++ b/liborcus/0001-Prevent-infinite-loop-in-case-the-magic-number-is-no.patch.1
@@ -0,0 +1,27 @@
+From 8c8cdc53438a46d6f0c889b987353ec82cbe0ea2 Mon Sep 17 00:00:00 2001
+From: Kohei Yoshida <kohei.yoshida at gmail.com>
+Date: Sun, 1 Sep 2013 22:28:35 -0400
+Subject: [PATCH 1/3] Prevent infinite loop in case the magic number is not
+ found.
+
+(cherry picked from commit b554e16c154b6bf9e64ecc883e134cf5c2301b6f)
+---
+ src/parser/zip_archive.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/parser/zip_archive.cpp b/src/parser/zip_archive.cpp
+index e244908b..2e4f5885 100644
+--- a/src/parser/zip_archive.cpp
++++ b/src/parser/zip_archive.cpp
+@@ -529,7 +529,7 @@ size_t zip_archive_impl::seek_central_dir()
+ // Read stream backward and try to find the magic number.
+
+ size_t read_end_pos = m_stream_size;
+- while (true)
++ while (read_end_pos)
+ {
+ if (read_end_pos < buf.size())
+ // Last segment to read.
+--
+2.13.7
+
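Review bot: The new `while (read_end_pos)` condition lets the backward scan fall out of the loop when the magic number is never found, but the hunk does not show what `seek_central_dir()` returns on that path. For a truncated or non-zip input that exit is now reachable, so the value returned there must be one the caller treats as "not found" rather than as a usable offset. That needs confirming in the full function, which starts and ends outside the hunk. A short comment on the loop would also help, for example `// Stop at offset 0: input without the magic number must end the scan instead of spinning.`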
diff --git a/liborcus/0002-throw-an-exception-instead-of-asserting-on-invalid-i.patch.1 b/liborcus/0002-throw-an-exception-instead-of-asserting-on-invalid-i.patch.1
new file mode 100644
index 000000000000..dca4d5fe1ff5
--- /dev/null
+++ b/liborcus/0002-throw-an-exception-instead-of-asserting-on-invalid-i.patch.1
@@ -0,0 +1,30 @@
+From 704dc974685d0c4c7fe41c1551078a2208ba07bd Mon Sep 17 00:00:00 2001
+From: Markus Mohrhard <markus.mohrhard at googlemail.com>
+Date: Fri, 23 Dec 2016 01:37:45 +0100
+Subject: [PATCH 2/3] throw an exception instead of asserting on invalid input
+
+This was found by afl.
+
+(cherry picked from commit 43805da3c4168ff24b0e6b82041fbe58dc8b4e6d)
+---
+ include/orcus/csv_parser.hpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/orcus/csv_parser.hpp b/include/orcus/csv_parser.hpp
+index 3f80da0e..271f0248 100644
+--- a/include/orcus/csv_parser.hpp
++++ b/include/orcus/csv_parser.hpp
+@@ -192,7 +192,9 @@ void csv_parser<_Handler>::row()
+ return;
+ }
+
+- assert(is_delim(c));
++ if (is_delim(c))
++ throw csv_parse_error("expected a delimiter");
++
+ next();
+
+ if (m_config.trim_cell_value)
+--
+2.13.7
+
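Review bot: The replacement guard is inverted relative to the assertion it removes: `assert(is_delim(c))` required `c` to be a delimiter, while `if (is_delim(c)) throw csv_parse_error("expected a delimiter");` throws exactly when it is one. As written, a well-formed row would be rejected at its delimiter, and the malformed input this fix targets still falls through to `next()`, so the parser continues in a state the old assertion declared invalid. The condition should read `if (!is_delim(c))`. The body of `csv_parser<_Handler>::row()` starts and ends outside the hunk, so this is judged from the visible lines only; compare with the upstream commit named in the cherry-pick line before carrying the patch.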
diff --git a/liborcus/0003-protect-the-self-closing-xml-element-code-against-se.patch.1 b/liborcus/0003-protect-the-self-closing-xml-element-code-against-se.patch.1
new file mode 100644
index 000000000000..818c01d369cc
--- /dev/null
+++ b/liborcus/0003-protect-the-self-closing-xml-element-code-against-se.patch.1
@@ -0,0 +1,35 @@
+From 1dcaea9757edd06e0293c4abeea49884e70f09c5 Mon Sep 17 00:00:00 2001
+From: Markus Mohrhard <markus.mohrhard at googlemail.com>
+Date: Wed, 21 Feb 2018 00:29:03 +0100
+Subject: [PATCH 3/3] protect the self-closing xml element code against
+ self-closing root elements
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Found by Antti Levomäki and Christian Jalio from Forcepoint.
+
+(cherry picked from commit 12e5d89cbd7101c61fbdf063322203a1590a0ef5)
+
+Conflicts:
+ include/orcus/sax_parser.hpp
+---
+ include/orcus/sax_parser.hpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/orcus/sax_parser.hpp b/include/orcus/sax_parser.hpp
+index aa74364e..53c33490 100644
+--- a/include/orcus/sax_parser.hpp
++++ b/include/orcus/sax_parser.hpp
+@@ -312,6 +312,8 @@ void sax_parser<_Handler>::element_open(const char* begin_pos)
+ elem.end_pos = m_char;
+ m_handler.start_element(elem);
+ m_handler.end_element(elem);
++ if (!m_nest_level)
++ m_root_elem_open = false;
+ return;
+ }
+ else if (c == '>')
+--
+2.13.7
+
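Review bot: The added `if (!m_nest_level) m_root_elem_open = false;` carries no comment, and it is only correct if `m_nest_level` is zero at this point for a self-closing root element and for nothing else. The patch header lists a conflict in `include/orcus/sax_parser.hpp`, so this hand-resolved backport should be checked against how 0.5.x updates `m_nest_level` on the self-closing path; that is not visible here, as `element_open` starts and ends outside the hunk. I would put something like `// A self-closing root element also closes the document: clear the root-open flag.` above the check. A regression input consisting of a single self-closing element would also be worth adding.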
diff --git a/liborcus/UnpackedTarball_liborcus.mk b/liborcus/UnpackedTarball_liborcus.mk
index 062999d2f92c..5f8412bea230 100644
--- a/liborcus/UnpackedTarball_liborcus.mk
+++ b/liborcus/UnpackedTarball_liborcus.mk
@@ -24,6 +24,11 @@ liborcus_patches += liborcus_0.1.0-dllimport.patch
# fdo#63844
liborcus_patches += liborcus-handle-invalid-xml.patch.1
+# backports
+liborcus_patches += 0001-Prevent-infinite-loop-in-case-the-magic-number-is-no.patch.1
+liborcus_patches += 0002-throw-an-exception-instead-of-asserting-on-invalid-i.patch.1
+liborcus_patches += 0003-protect-the-self-closing-xml-element-code-against-se.patch.1
+
ifeq ($(OS),MACOSX)
# no "tac" command on OS X, but "tail -r"
liborcus_patches += liborcus_0.1.0-tac.patch