summaryrefslogtreecommitdiff
path: root/audio/audacity/patches
diff options
context:
space:
mode:
authordrochner <drochner>2009-01-13 12:38:49 +0000
committerdrochner <drochner>2009-01-13 12:38:49 +0000
commit61ae7567be258aed8f8b934f43a947f2c3403cc6 (patch)
tree1baf84e7a14878169617de7e8376de62fb9b2127 /audio/audacity/patches
parent58a82ae3870496092eda67951be0bfd323508ee1 (diff)
downloadpkgsrc-61ae7567be258aed8f8b934f43a947f2c3403cc6.tar.gz
patch around SA33356: Audacity "String_parse::get_nonspace_quoted()"
Buffer Overflow (homegrown patch, might be sufficient or not) bump PKGREVISION
Diffstat (limited to 'audio/audacity/patches')
-rw-r--r--audio/audacity/patches/patch-ba24
-rw-r--r--audio/audacity/patches/patch-bb13
-rw-r--r--audio/audacity/patches/patch-bc30
3 files changed, 67 insertions, 0 deletions
diff --git a/audio/audacity/patches/patch-ba b/audio/audacity/patches/patch-ba
new file mode 100644
index 00000000000..86228eb1575
--- /dev/null
+++ b/audio/audacity/patches/patch-ba
@@ -0,0 +1,24 @@
+$NetBSD: patch-ba,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- lib-src/allegro/strparse.cpp.orig 2006-11-15 05:12:11.000000000 +0100
++++ lib-src/allegro/strparse.cpp
+@@ -16,8 +16,9 @@ char String_parse::peek()
+ }
+
+
+-void String_parse::get_nonspace_quoted(char *field)
++void String_parse::get_nonspace_quoted(char *field, int flen)
+ {
++ char *ofield = field;
+ skip_space();
+ bool quoted = false;
+ if (string[pos] == '"') {
+@@ -25,7 +26,7 @@ void String_parse::get_nonspace_quoted(c
+ *field++ = '"';
+ pos = pos + 1;
+ }
+- while (string[pos] && (quoted || !isspace(string[pos]))) {
++ while (string[pos] && (quoted || !isspace(string[pos])) && (field - ofield) < (flen - 2)) {
+ if (string[pos] == '"') {
+ if (quoted) {
+ *field++ = '"';
diff --git a/audio/audacity/patches/patch-bb b/audio/audacity/patches/patch-bb
new file mode 100644
index 00000000000..7c10a3a6f8e
--- /dev/null
+++ b/audio/audacity/patches/patch-bb
@@ -0,0 +1,13 @@
+$NetBSD: patch-bb,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- lib-src/allegro/strparse.h.orig 2006-11-15 05:12:11.000000000 +0100
++++ lib-src/allegro/strparse.h
+@@ -10,7 +10,7 @@ public:
+ }
+ void skip_space();
+ char peek();
+- void get_nonspace_quoted(char *field);
++ void get_nonspace_quoted(char *field, int flen);
+ };
+
+ void string_escape(char *result, char *str, char *quote);
diff --git a/audio/audacity/patches/patch-bc b/audio/audacity/patches/patch-bc
new file mode 100644
index 00000000000..3524f5ddf86
--- /dev/null
+++ b/audio/audacity/patches/patch-bc
@@ -0,0 +1,30 @@
+$NetBSD: patch-bc,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- ./lib-src/allegro/allegrord.cpp.orig 2006-11-15 05:12:11.000000000 +0100
++++ ./lib-src/allegro/allegrord.cpp
+@@ -109,10 +109,10 @@ bool Allegro_reader::parse()
+ bool new_note_flag = false; // "A"-"G" syntax
+ int new_note = 0;
+ Parameters_ptr attributes = NULL;
+- line_parser.get_nonspace_quoted(field);
++ line_parser.get_nonspace_quoted(field, field_max);
+ char pk = line_parser.peek();
+ if (pk && !isspace(pk)) {
+- line_parser.get_nonspace_quoted(field + strlen(field));
++ line_parser.get_nonspace_quoted(field + strlen(field), field_max - strlen(field));
+ }
+ while (field[0]) {
+ // print "field", "|";field;"|", "|";line_parser.string;"|", line_parser.pos
+@@ -203,10 +203,10 @@ bool Allegro_reader::parse()
+ if (error_flag) {
+ field[0] = 0; // exit the loop
+ } else {
+- line_parser.get_nonspace_quoted(field);
++ line_parser.get_nonspace_quoted(field, field_max);
+ pk = line_parser.peek();
+ if (pk && !isspace(pk)) {
+- line_parser.get_nonspace_quoted(field + strlen(field));
++ line_parser.get_nonspace_quoted(field + strlen(field), field_max - strlen(field));
+ }
+ }
+ }