diff options
author | drochner <drochner> | 2009-01-13 12:38:49 +0000 |
---|---|---|
committer | drochner <drochner> | 2009-01-13 12:38:49 +0000 |
commit | 61ae7567be258aed8f8b934f43a947f2c3403cc6 (patch) | |
tree | 1baf84e7a14878169617de7e8376de62fb9b2127 /audio/audacity/patches | |
parent | 58a82ae3870496092eda67951be0bfd323508ee1 (diff) | |
download | pkgsrc-61ae7567be258aed8f8b934f43a947f2c3403cc6.tar.gz |
patch around SA33356: Audacity "String_parse::get_nonspace_quoted()"
Buffer Overflow
(homegrown patch, might be sufficient or not)
bump PKGREVISION
Diffstat (limited to 'audio/audacity/patches')
-rw-r--r-- | audio/audacity/patches/patch-ba | 24 | ||||
-rw-r--r-- | audio/audacity/patches/patch-bb | 13 | ||||
-rw-r--r-- | audio/audacity/patches/patch-bc | 30 |
3 files changed, 67 insertions, 0 deletions
diff --git a/audio/audacity/patches/patch-ba b/audio/audacity/patches/patch-ba new file mode 100644 index 00000000000..86228eb1575 --- /dev/null +++ b/audio/audacity/patches/patch-ba @@ -0,0 +1,24 @@ +$NetBSD: patch-ba,v 1.1 2009/01/13 12:38:49 drochner Exp $ + +--- lib-src/allegro/strparse.cpp.orig 2006-11-15 05:12:11.000000000 +0100 ++++ lib-src/allegro/strparse.cpp +@@ -16,8 +16,9 @@ char String_parse::peek() + } + + +-void String_parse::get_nonspace_quoted(char *field) ++void String_parse::get_nonspace_quoted(char *field, int flen) + { ++ char *ofield = field; + skip_space(); + bool quoted = false; + if (string[pos] == '"') { +@@ -25,7 +26,7 @@ void String_parse::get_nonspace_quoted(c + *field++ = '"'; + pos = pos + 1; + } +- while (string[pos] && (quoted || !isspace(string[pos]))) { ++ while (string[pos] && (quoted || !isspace(string[pos])) && (field - ofield) < (flen - 2)) { + if (string[pos] == '"') { + if (quoted) { + *field++ = '"'; diff --git a/audio/audacity/patches/patch-bb b/audio/audacity/patches/patch-bb new file mode 100644 index 00000000000..7c10a3a6f8e --- /dev/null +++ b/audio/audacity/patches/patch-bb @@ -0,0 +1,13 @@ +$NetBSD: patch-bb,v 1.1 2009/01/13 12:38:49 drochner Exp $ + +--- lib-src/allegro/strparse.h.orig 2006-11-15 05:12:11.000000000 +0100 ++++ lib-src/allegro/strparse.h +@@ -10,7 +10,7 @@ public: + } + void skip_space(); + char peek(); +- void get_nonspace_quoted(char *field); ++ void get_nonspace_quoted(char *field, int flen); + }; + + void string_escape(char *result, char *str, char *quote); diff --git a/audio/audacity/patches/patch-bc b/audio/audacity/patches/patch-bc new file mode 100644 index 00000000000..3524f5ddf86 --- /dev/null +++ b/audio/audacity/patches/patch-bc @@ -0,0 +1,30 @@ +$NetBSD: patch-bc,v 1.1 2009/01/13 12:38:49 drochner Exp $ + +--- ./lib-src/allegro/allegrord.cpp.orig 2006-11-15 05:12:11.000000000 +0100 ++++ ./lib-src/allegro/allegrord.cpp +@@ -109,10 +109,10 @@ bool Allegro_reader::parse() + bool new_note_flag = false; // "A"-"G" syntax + int new_note = 0; + Parameters_ptr attributes = NULL; +- line_parser.get_nonspace_quoted(field); ++ line_parser.get_nonspace_quoted(field, field_max); + char pk = line_parser.peek(); + if (pk && !isspace(pk)) { +- line_parser.get_nonspace_quoted(field + strlen(field)); ++ line_parser.get_nonspace_quoted(field + strlen(field), field_max - strlen(field)); + } + while (field[0]) { + // print "field", "|";field;"|", "|";line_parser.string;"|", line_parser.pos +@@ -203,10 +203,10 @@ bool Allegro_reader::parse() + if (error_flag) { + field[0] = 0; // exit the loop + } else { +- line_parser.get_nonspace_quoted(field); ++ line_parser.get_nonspace_quoted(field, field_max); + pk = line_parser.peek(); + if (pk && !isspace(pk)) { +- line_parser.get_nonspace_quoted(field + strlen(field)); ++ line_parser.get_nonspace_quoted(field + strlen(field), field_max - strlen(field)); + } + } + } |