[pkgsrc/trunk]: pkgsrc/devel/gtexinfo Fixed the "fix" for CVE-2006-4810, sinc...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/devel/gtexinfo Fixed the "fix" for CVE-2006-4810, sinc...
From: rillig <rillig%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 04:24:32 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/66f83a0ed7f4
branches:  trunk
changeset: 523460:66f83a0ed7f4
user:      rillig <rillig%pkgsrc.org@localhost>
date:      Mon Jan 08 08:21:47 2007 +0000

description:
Fixed the "fix" for CVE-2006-4810, since it introduced these compiler
warnings.

===> GCC
texindex.c: In function `readline':
texindex.c:848: warning: assignment makes pointer from integer without a cast

===> MIPSpro
cc-1515 cc: ERROR File = texindex.c, Line = 848
  A value of type "long" cannot be assigned to an entity of type "char *".

            end = buffer - linebuffer->buffer;


Well, if the compilers were more intelligent, they could have seen that
(buffer == linebuffer->buffer) was an invariant and that the resulting
difference was therefore always zero, and zero can be converted into any
pointer type. ;)

diffstat:

 devel/gtexinfo/distinfo         |   5 +++--
 devel/gtexinfo/patches/patch-al |  38 +++++++++++++++++++++++++++++---------
 2 files changed, 32 insertions(+), 11 deletions(-)

diffs (94 lines):

diff -r 9874fae54e3f -r 66f83a0ed7f4 devel/gtexinfo/distinfo
--- a/devel/gtexinfo/distinfo   Mon Jan 08 07:13:54 2007 +0000
+++ b/devel/gtexinfo/distinfo   Mon Jan 08 08:21:47 2007 +0000
@@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.25 2006/11/18 15:49:02 adrianp Exp $
+$NetBSD: distinfo,v 1.26 2007/01/08 08:21:47 rillig Exp $
 
 SHA1 (texinfo-4.8.tar.bz2) = b19e906f7220294c1e8b087d583c50f5c4d7c420
 RMD160 (texinfo-4.8.tar.bz2) = 5cb82cd240d1f22da813c7142df8828b4f6f1ea4
 Size (texinfo-4.8.tar.bz2) = 1521822 bytes
+SHA1 (patch-al.mine) = 8763b5d73088b2fea9da83c45686c27fd4525455
 SHA1 (patch-aa) = 2c6d6a812fcf3b1aa944832601c3415548e763f5
 SHA1 (patch-ab) = 299ae7a5001c6ab42cca7c6278ae1edb3b348511
 SHA1 (patch-ac) = 01baf8634edcecab0b5edaeddf1e38811cab490d
 SHA1 (patch-ad) = c5c3374322eb8a2c8dfc7871971b73194ab1b14c
 SHA1 (patch-aj) = d9071c62c993550d253c9e1889880d4fccf7d278
 SHA1 (patch-ak) = 2cef2ae464ddb5324acae000420017d4faf7b145
-SHA1 (patch-al) = b55ac4b85f23f11248f9cb66b242be7b4daf46ee
+SHA1 (patch-al) = 5cc3cb9b11ffea22be157bf5d653a92df58f198c
diff -r 9874fae54e3f -r 66f83a0ed7f4 devel/gtexinfo/patches/patch-al
--- a/devel/gtexinfo/patches/patch-al   Mon Jan 08 07:13:54 2007 +0000
+++ b/devel/gtexinfo/patches/patch-al   Mon Jan 08 08:21:47 2007 +0000
@@ -1,9 +1,14 @@
-$NetBSD: patch-al,v 1.3 2006/11/18 15:49:02 adrianp Exp $
+$NetBSD: patch-al,v 1.4 2007/01/08 08:21:48 rillig Exp $
 
 Security fix for CAN-2005-3001 and CVE-2006-4810
 
---- util/texindex.c.orig       2004-04-11 18:56:47.000000000 +0100
-+++ util/texindex.c
+Note: The "official" patch for CVE-2006-4810 is wrong. The "fixed" code
+assigns a "long" to a "char *". Furthermore, the code was completely
+broken anyway. Maybe that's why it has been removed in the current CVS
+version.
+
+--- util/texindex.c.orig       2004-04-11 19:56:47.000000000 +0200
++++ util/texindex.c    2007-01-08 09:02:20.000000000 +0100
 @@ -387,14 +387,15 @@ For more information about these matters
  /* Return a name for temporary file COUNT. */
  
@@ -47,16 +52,31 @@
  }
  
  
-@@ -837,7 +845,7 @@ readline (struct linebuffer *linebuffer,
+@@ -827,17 +835,19 @@ long
+ readline (struct linebuffer *linebuffer, FILE *stream)
+ {
+   char *buffer = linebuffer->buffer;
+-  char *p = linebuffer->buffer;
+-  char *end = p + linebuffer->size;
++  char *p = buffer;
++  char *end = buffer + linebuffer->size;
+ 
+   while (1)
+     {
++      /* invariant: buffer <= p && p <= end */
++      /* invariant: buffer + linebuffer->size == end */
++      /* invariant: buffer == linebuffer->buffer */
+       int c = getc (stream);
+       if (p == end)
          {
            buffer = (char *) xrealloc (buffer, linebuffer->size *= 2);
-           p += buffer - linebuffer->buffer;
+-          p += buffer - linebuffer->buffer;
 -          end += buffer - linebuffer->buffer;
-+          end = buffer - linebuffer->buffer;
++          end = buffer + linebuffer->size;
            linebuffer->buffer = buffer;
          }
        if (c < 0 || c == '\n')
-@@ -882,7 +890,7 @@ sort_offline (char *infile, off_t total,
+@@ -882,7 +892,7 @@ sort_offline (char *infile, off_t total,
  
    for (i = 0; i < ntemps; i++)
      {
@@ -65,7 +85,7 @@
        FILE *ostream = fopen (outname, "w");
        long tempsize = 0;
  
-@@ -930,7 +938,7 @@ fail:
+@@ -930,7 +940,7 @@ fail:
  
    for (i = 0; i < ntemps; i++)
      {
@@ -74,7 +94,7 @@
        sort_in_core (tempfiles[i], MAX_IN_CORE_SORT, newtemp);
        if (!keep_tempfiles)
          unlink (tempfiles[i]);
-@@ -1400,7 +1408,7 @@ merge_files (char **infiles, int nfiles,
+@@ -1400,7 +1410,7 @@ merge_files (char **infiles, int nfiles,
        int nf = MAX_DIRECT_MERGE;
        if (i + 1 == ntemps)
          nf = nfiles - i * MAX_DIRECT_MERGE;

Prev by Date: [pkgsrc/trunk]: pkgsrc/doc Updated devel/ncurses to 5.6
Next by Date: [pkgsrc/trunk]: pkgsrc/devel/nasm Only use __builtin_ctzl if it is available;...
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated devel/ncurses to 5.6
Next by Thread: [pkgsrc/trunk]: pkgsrc/devel/nasm Only use __builtin_ctzl if it is available;...
Indexes:

Home | Main Index | Thread Index | Old Index