pkgsrc-WIP-changes archive
libvterm: adapt fix for CVE-2018-20786 from vim
Module Name: pkgsrc-wip
Committed By: Claes Nästén <pekdon%gmail.com@localhost>
Pushed By: pekdon
Date: Sun Mar 13 07:29:12 2022 +0100
Changeset: deb7f79e40c02c3744d84b78a596dcef74d81e26
Modified Files:
libvterm/distinfo
Added Files:
libvterm/patches/patch-src_screen.c
libvterm/patches/patch-src_state.c
libvterm/patches/patch-src_vterm.c
Removed Files:
libvterm/TODO
Log Message:
libvterm: adapt fix for CVE-2018-20786 from vim
Adapt fix from vim commit cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
with the addition of checking tmpbuffer allocation in
vterm_new_with_allocator
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=deb7f79e40c02c3744d84b78a596dcef74d81e26
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
libvterm/TODO | 2 -
libvterm/distinfo | 3 ++
libvterm/patches/patch-src_screen.c | 76 +++++++++++++++++++++++++++++++++++++
libvterm/patches/patch-src_state.c | 34 +++++++++++++++++
libvterm/patches/patch-src_vterm.c | 66 ++++++++++++++++++++++++++++++++
5 files changed, 179 insertions(+), 2 deletions(-)
diffs:
diff --git a/libvterm/TODO b/libvterm/TODO
deleted file mode 100644
index eb027e609f..0000000000
--- a/libvterm/TODO
+++ /dev/null
@@ -1,2 +0,0 @@
-This package has known vulnerabilities, please investigate and fix if possible:
- CVE-2018-20786
diff --git a/libvterm/distinfo b/libvterm/distinfo
index 30c93fa185..aee6362002 100644
--- a/libvterm/distinfo
+++ b/libvterm/distinfo
@@ -3,3 +3,6 @@ $NetBSD$
RMD160 (libvterm-0.1.4.tar.gz) = 827234390d2ac60377786c896808736827cbfbee
SHA512 (libvterm-0.1.4.tar.gz) = 90b5d47417e3f469df5c6574a27d12bd6bd1571d17cab7c4ac0ee61b1dbcb6361987f6fdfd11e314ea32f8958ec165c319a34d0f77288947c7cbc11de697d524
Size (libvterm-0.1.4.tar.gz) = 69122 bytes
+SHA1 (patch-src_screen.c) = c41f68d526cd7f1b8a625be6a9a2e4a6adfe5ee6
+SHA1 (patch-src_state.c) = ada2ea37ec6642039011b55557b38cfb88f37cc6
+SHA1 (patch-src_vterm.c) = 5dc781dfe804f13f1b0a0f8b00bf24aa0f8804f2
diff --git a/libvterm/patches/patch-src_screen.c b/libvterm/patches/patch-src_screen.c
new file mode 100644
index 0000000000..bd4148e3b1
--- /dev/null
+++ b/libvterm/patches/patch-src_screen.c
@@ -0,0 +1,76 @@
+$NetBSD$
+
+CVE-2018-20786 fix from vim cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
+
+--- src/screen.c.orig 2022-03-13 06:09:38.851039573 +0000
++++ src/screen.c
+@@ -94,8 +94,7 @@ static ScreenCell *realloc_buffer(VTermS
+ }
+ }
+
+- if(buffer)
+- vterm_allocator_free(screen->vt, buffer);
++ vterm_allocator_free(screen->vt, buffer);
+
+ return new_buffer;
+ }
+@@ -517,8 +516,7 @@ static int resize(int new_rows, int new_
+ screen->rows = new_rows;
+ screen->cols = new_cols;
+
+- if(screen->sb_buffer)
+- vterm_allocator_free(screen->vt, screen->sb_buffer);
++ vterm_allocator_free(screen->vt, screen->sb_buffer);
+
+ screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * new_cols);
+
+@@ -619,13 +617,19 @@ static VTermStateCallbacks state_cbs = {
+ .setlineinfo = &setlineinfo,
+ };
+
++/*
++ * Allocate a new screen and return it.
++ * Return NULL when out of memory.
++ */
+ static VTermScreen *screen_new(VTerm *vt)
+ {
+ VTermState *state = vterm_obtain_state(vt);
+- if(!state)
++ if (state == NULL)
+ return NULL;
+
+ VTermScreen *screen = vterm_allocator_malloc(vt, sizeof(VTermScreen));
++ if (screen == NULL)
++ return NULL;
+ int rows, cols;
+
+ vterm_get_size(vt, &rows, &cols);
+@@ -644,10 +648,13 @@ static VTermScreen *screen_new(VTerm *vt
+ screen->cbdata = NULL;
+
+ screen->buffers[0] = realloc_buffer(screen, NULL, rows, cols);
+-
+ screen->buffer = screen->buffers[0];
+-
+ screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * cols);
++ if (screen->buffer == NULL || screen->sb_buffer == NULL)
++ {
++ vterm_screen_free(screen);
++ return NULL;
++ }
+
+ vterm_state_set_callbacks(screen->state, &state_cbs, screen);
+
+@@ -657,11 +664,8 @@ static VTermScreen *screen_new(VTerm *vt
+ INTERNAL void vterm_screen_free(VTermScreen *screen)
+ {
+ vterm_allocator_free(screen->vt, screen->buffers[0]);
+- if(screen->buffers[1])
+- vterm_allocator_free(screen->vt, screen->buffers[1]);
+-
++ vterm_allocator_free(screen->vt, screen->buffers[1]);
+ vterm_allocator_free(screen->vt, screen->sb_buffer);
+-
+ vterm_allocator_free(screen->vt, screen);
+ }
+
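Review bot: The new failure path in `screen_new` calls `vterm_screen_free(screen)`, which frees `screen->buffers[1]`, but no line visible in these hunks assigns `buffers[1]` before that call. If an allocator supplied through `vterm_new_with_allocator` does not zero the memory it returns, that free would act on an indeterminate pointer; adding `screen->buffers[1] = NULL;` before the `realloc_buffer` call makes the cleanup independent of allocator behaviour. Separately, the `resize` hunk still assigns `screen->sb_buffer` from `vterm_allocator_malloc` with no NULL check in the visible lines, so the out-of-memory case handled in `screen_new` may remain reachable on resize. Both function bodies extend outside the hunks shown, so confirm against the full file.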
diff --git a/libvterm/patches/patch-src_state.c b/libvterm/patches/patch-src_state.c
new file mode 100644
index 0000000000..06dbfda400
--- /dev/null
+++ b/libvterm/patches/patch-src_state.c
@@ -0,0 +1,34 @@
+$NetBSD$
+
+CVE-2018-20786 fix from vim cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
+
+--- src/state.c.orig 2022-03-12 21:10:57.446471266 +0000
++++ src/state.c
+@@ -52,6 +52,8 @@ static VTermState *vterm_state_new(VTerm
+ {
+ VTermState *state = vterm_allocator_malloc(vt, sizeof(VTermState));
+
++ if (state == NULL)
++ return NULL;
+ state->vt = vt;
+
+ state->rows = vt->rows;
+@@ -1697,12 +1699,18 @@ static const VTermParserCallbacks parser
+ .resize = on_resize,
+ };
+
++/*
++ * Return the existing state or create a new one.
++ * Returns NULL when out of memory.
++ */
+ VTermState *vterm_obtain_state(VTerm *vt)
+ {
+ if(vt->state)
+ return vt->state;
+
+ VTermState *state = vterm_state_new(vt);
++ if (state == NULL)
++ return NULL;
+ vt->state = state;
+
+ state->combine_chars_size = 16;
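Review bot: `vterm_obtain_state` stores the new state in `vt->state` right after the NULL check, before the rest of its initialisation runs, so any later failure in this function would leave a partially initialised state that the early `if(vt->state) return vt->state;` hands back on the next call. The hunk ends at `state->combine_chars_size = 16;`, and the allocations presumably sized from it are not visible here. If they go through `vterm_allocator_malloc`, each needs the same NULL check, with `vt->state = state;` moved to after the last one succeeds. Callers other than `screen_new` should also be checked for handling of the new NULL return.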
diff --git a/libvterm/patches/patch-src_vterm.c b/libvterm/patches/patch-src_vterm.c
new file mode 100644
index 0000000000..0550a4ad96
--- /dev/null
+++ b/libvterm/patches/patch-src_vterm.c
@@ -0,0 +1,66 @@
+$NetBSD$
+
+CVE-2018-20786 fix from vim cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
+
+--- src/vterm.c.orig 2020-08-22 14:54:34.000000000 +0000
++++ src/vterm.c
+@@ -37,6 +37,8 @@ VTerm *vterm_new_with_allocator(int rows
+ /* Need to bootstrap using the allocator function directly */
+ VTerm *vt = (*funcs->malloc)(sizeof(VTerm), allocdata);
+
++ if (vt == NULL)
++ return NULL;
+ vt->allocator = funcs;
+ vt->allocdata = allocdata;
+
+@@ -51,6 +53,12 @@ VTerm *vterm_new_with_allocator(int rows
+ vt->parser.strbuffer_len = 64;
+ vt->parser.strbuffer_cur = 0;
+ vt->parser.strbuffer = vterm_allocator_malloc(vt, vt->parser.strbuffer_len);
++ if (vt->parser.strbuffer == NULL)
++ {
++ vterm_allocator_free(vt, vt);
++ return NULL;
++ }
++
+
+ vt->outfunc = NULL;
+ vt->outdata = NULL;
+@@ -58,9 +66,22 @@ VTerm *vterm_new_with_allocator(int rows
+ vt->outbuffer_len = 64;
+ vt->outbuffer_cur = 0;
+ vt->outbuffer = vterm_allocator_malloc(vt, vt->outbuffer_len);
++ if (vt->outbuffer == NULL)
++ {
++ vterm_allocator_free(vt, vt->parser.strbuffer);
++ vterm_allocator_free(vt, vt);
++ return NULL;
++ }
+
+ vt->tmpbuffer_len = 64;
+ vt->tmpbuffer = vterm_allocator_malloc(vt, vt->tmpbuffer_len);
++ if (vt->tmpbuffer == NULL)
++ {
++ vterm_allocator_free(vt, vt->outbuffer);
++ vterm_allocator_free(vt, vt->parser.strbuffer);
++ vterm_allocator_free(vt, vt);
++ return NULL;
++ }
+
+ return vt;
+ }
+@@ -85,9 +106,13 @@ INTERNAL void *vterm_allocator_malloc(VT
+ return (*vt->allocator->malloc)(size, vt->allocdata);
+ }
+
++/*
++ * Free "ptr" unless it is NULL.
++ */
+ INTERNAL void vterm_allocator_free(VTerm *vt, void *ptr)
+ {
+- (*vt->allocator->free)(ptr, vt->allocdata);
++ if (ptr)
++ (*vt->allocator->free)(ptr, vt->allocdata);
+ }
+
+ void vterm_get_size(const VTerm *vt, int *rowsp, int *colsp)
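Review bot: The three error blocks in `vterm_new_with_allocator` each repeat a growing list of frees, so every allocation added to this function later has to be mirrored in all subsequent blocks or it leaks on failure. Since this patch makes `vterm_allocator_free` ignore NULL, the buffer pointers can be set to NULL up front and every failure routed to a single cleanup label. The function starts before the first hunk, and the setup lines between the hunks are not shown.

```c
  vt->allocator = funcs;
  vt->allocdata = allocdata;
  /* Known values so the shared cleanup path can free unconditionally. */
  vt->parser.strbuffer = NULL;
  vt->outbuffer = NULL;
  vt->tmpbuffer = NULL;

  /* … unchanged: size and parser setup, strbuffer allocation … */
  if (vt->parser.strbuffer == NULL)
    goto fail;

  /* … unchanged: outfunc/outdata setup, outbuffer allocation … */
  if (vt->outbuffer == NULL)
    goto fail;

  /* … unchanged: tmpbuffer allocation … */
  if (vt->tmpbuffer == NULL)
    goto fail;

  return vt;

fail:
  /* vterm_allocator_free() skips NULL, so one path covers every failure point. */
  vterm_allocator_free(vt, vt->tmpbuffer);
  vterm_allocator_free(vt, vt->outbuffer);
  vterm_allocator_free(vt, vt->parser.strbuffer);
  vterm_allocator_free(vt, vt);
  return NULL;
```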