Request 1365 (accepted)
No description set
Submit package home:nephros / inotify-tools to package sailfishos:chum:testing / inotify-tools
[-] [+] | Added | inotify-tools.spec |
[-] [+] | Added | 0005-Fix-segfault-with-csv-output-when-filename-contains-.patch ^ |
@@ -0,0 +1,24 @@ +From: Dmitry Bogatov <KAction@gnu.org> +Date: Sat, 4 Mar 2017 21:13:38 +0300 +Subject: [PATCH] Fix segfault with csv output when filename contains comma + +Double `csv_escape()'ing filename is logic error, but root of the +problem was that passing `csv' buffer back into `csv_escape()' caused +endless loop over `static char csv[MAXLEN]', and buffer overflow. +--- + src/inotifywait.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/inotifywait.c b/src/inotifywait.c +index 98aadd4..6e17007 100644 +--- a/src/inotifywait.c ++++ b/src/inotifywait.c +@@ -119,7 +119,7 @@ void validate_format( char * fmt ) { + void output_event_csv( struct inotify_event * event ) { + char *filename = csv_escape(inotifytools_filename_from_wd(event->wd)); + if (filename != NULL) +- printf("%s,", csv_escape(filename)); ++ printf("%s,", filename); + + printf("%s,", csv_escape( inotifytools_event_to_str( event->mask ) ) ); + if ( event->len > 0 ) | ||
[-] [+] | Added | 0006-Fix-buffer-overrun-in-inotifytools.c.patch ^ |
@@ -0,0 +1,33 @@ +From: Dmitry Bogatov <KAction@debian.org> +Date: Tue, 6 Aug 2019 16:36:24 +0000 +Subject: Fix buffer overrun in inotifytools.c + +The following code + + char *names[2+sizeof(int)/sizeof(char*)]; + +was supposed to allocate enough space on stack to fit two `char *' and one +`int'. Problem is that when sizeof(int) < sizeof(char *), which is likely on +64-bit systems, it caused expression `sizeof(int)/sizeof(char*)' evaluate to 0, +resulting in buffer overrun. + +Detected by GCC-9 new diagnostics. + +Closes: #925717 +--- + libinotifytools/src/inotifytools.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libinotifytools/src/inotifytools.c b/libinotifytools/src/inotifytools.c +index b3feca3..ce4ccd5 100644 +--- a/libinotifytools/src/inotifytools.c ++++ b/libinotifytools/src/inotifytools.c +@@ -859,7 +859,7 @@ void inotifytools_set_filename_by_filename( char const * oldname, + void inotifytools_replace_filename( char const * oldname, + char const * newname ) { + if ( !oldname || !newname ) return; +- char *names[2+sizeof(int)/sizeof(char*)]; ++ char *names[2+sizeof(int)/sizeof(char*) + 1]; + names[0] = (char*)oldname; + names[1] = (char*)newname; + *((int*)&names[2]) = strlen(oldname); | ||
Added | inotify-tools-3.14.tar.gz ^ |