authordrochner <drochner>2009-01-13 12:38:49 +0000
committerdrochner <drochner>2009-01-13 12:38:49 +0000
commit530d891ae508321b11b718fd5b981925fc8eb609 (patch)
tree1baf84e7a14878169617de7e8376de62fb9b2127 /audio/audacity
parentca5d700d1a532711a10dd1bb682ef39ba0a52282 (diff)
patch around SA33356: Audacity "String_parse::get_nonspace_quoted()"
Buffer Overflow (homegrown patch, might be sufficient or not) bump PKGREVISION
Diffstat (limited to 'audio/audacity')
-rw-r--r--audio/audacity/Makefile4
-rw-r--r--audio/audacity/distinfo5
-rw-r--r--audio/audacity/patches/patch-ba24
-rw-r--r--audio/audacity/patches/patch-bb13
-rw-r--r--audio/audacity/patches/patch-bc30
5 files changed, 73 insertions, 3 deletions
diff --git a/audio/audacity/Makefile b/audio/audacity/Makefile
index acc0988e81e..6c1e9f01c78 100644
--- a/audio/audacity/Makefile
+++ b/audio/audacity/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2008/06/12 02:14:13 joerg Exp $
+# $NetBSD: Makefile,v 1.59 2009/01/13 12:38:49 drochner Exp $
DISTNAME= audacity-src-1.2.6
-PKGREVISION= 1
+PKGREVISION= 2
PKGNAME= ${DISTNAME:S/-src-/-/}
CATEGORIES= audio
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=audacity/}
diff --git a/audio/audacity/distinfo b/audio/audacity/distinfo
index 6f67d923d91..4a97509bf78 100644
--- a/audio/audacity/distinfo
+++ b/audio/audacity/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2008/03/20 15:58:47 drochner Exp $
+$NetBSD: distinfo,v 1.18 2009/01/13 12:38:49 drochner Exp $
SHA1 (audacity-src-1.2.6.tar.gz) = 1bfdd119fdc09d1aa334aee21d4831ef6e939fce
RMD160 (audacity-src-1.2.6.tar.gz) = f59ca075ae430a518b77ce2ed08441abe2b67a0c
@@ -16,3 +16,6 @@ SHA1 (patch-aj) = 34b4cdd266345f04954983cc14e4b762f09f4df8
SHA1 (patch-ak) = 5f012eb47c832a8f11bcfbdcaf0ab2e876abd04e
SHA1 (patch-al) = 224437cc76e1f25d600e859d278ad73bbf261efa
SHA1 (patch-am) = 3210d8632ee9f5361008277e2c887f24d87205a1
+SHA1 (patch-ba) = c27676c7110bf6ef2fcd448d68402b7bfd21b631
+SHA1 (patch-bb) = 050c6edc0a174e2496ef0b572002eca185bd38de
+SHA1 (patch-bc) = 8a08526c37e025a89a747fa2c7a48668fe797572
diff --git a/audio/audacity/patches/patch-ba b/audio/audacity/patches/patch-ba
new file mode 100644
index 00000000000..86228eb1575
--- /dev/null
+++ b/audio/audacity/patches/patch-ba
@@ -0,0 +1,24 @@
+$NetBSD: patch-ba,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- lib-src/allegro/strparse.cpp.orig 2006-11-15 05:12:11.000000000 +0100
++++ lib-src/allegro/strparse.cpp
+@@ -16,8 +16,9 @@ char String_parse::peek()
+ }
+
+
+-void String_parse::get_nonspace_quoted(char *field)
++void String_parse::get_nonspace_quoted(char *field, int flen)
+ {
++ char *ofield = field;
+ skip_space();
+ bool quoted = false;
+ if (string[pos] == '"') {
+@@ -25,7 +26,7 @@ void String_parse::get_nonspace_quoted(c
+ *field++ = '"';
+ pos = pos + 1;
+ }
+- while (string[pos] && (quoted || !isspace(string[pos]))) {
++ while (string[pos] && (quoted || !isspace(string[pos])) && (field - ofield) < (flen - 2)) {
+ if (string[pos] == '"') {
+ if (quoted) {
+ *field++ = '"';
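Review bot: The new length check sits only in the `while` condition, so the opening-quote store `*field++ = '"';` before the loop, and whatever terminator write follows outside this hunk, still execute regardless of `flen`; the function is only safe when every caller passes `flen >= 2`. An entry guard such as `if (flen < 2) { if (flen > 0) *field = 0; return; }` would make that contract explicit instead of leaving it to the call sites changed in patch-bc. A comment on the signature should state that `flen` is the total size of `field` including the terminator and that over-long tokens are truncated. The body of get_nonspace_quoted continues past the end of the hunk, so the remaining stores could not be checked against the `flen - 2` margin here.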
diff --git a/audio/audacity/patches/patch-bb b/audio/audacity/patches/patch-bb
new file mode 100644
index 00000000000..7c10a3a6f8e
--- /dev/null
+++ b/audio/audacity/patches/patch-bb
@@ -0,0 +1,13 @@
+$NetBSD: patch-bb,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- lib-src/allegro/strparse.h.orig 2006-11-15 05:12:11.000000000 +0100
++++ lib-src/allegro/strparse.h
+@@ -10,7 +10,7 @@ public:
+ }
+ void skip_space();
+ char peek();
+- void get_nonspace_quoted(char *field);
++ void get_nonspace_quoted(char *field, int flen);
+ };
+
+ void string_escape(char *result, char *str, char *quote);
diff --git a/audio/audacity/patches/patch-bc b/audio/audacity/patches/patch-bc
new file mode 100644
index 00000000000..3524f5ddf86
--- /dev/null
+++ b/audio/audacity/patches/patch-bc
@@ -0,0 +1,30 @@
+$NetBSD: patch-bc,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- ./lib-src/allegro/allegrord.cpp.orig 2006-11-15 05:12:11.000000000 +0100
++++ ./lib-src/allegro/allegrord.cpp
+@@ -109,10 +109,10 @@ bool Allegro_reader::parse()
+ bool new_note_flag = false; // "A"-"G" syntax
+ int new_note = 0;
+ Parameters_ptr attributes = NULL;
+- line_parser.get_nonspace_quoted(field);
++ line_parser.get_nonspace_quoted(field, field_max);
+ char pk = line_parser.peek();
+ if (pk && !isspace(pk)) {
+- line_parser.get_nonspace_quoted(field + strlen(field));
++ line_parser.get_nonspace_quoted(field + strlen(field), field_max - strlen(field));
+ }
+ while (field[0]) {
+ // print "field", "|";field;"|", "|";line_parser.string;"|", line_parser.pos
+@@ -203,10 +203,10 @@ bool Allegro_reader::parse()
+ if (error_flag) {
+ field[0] = 0; // exit the loop
+ } else {
+- line_parser.get_nonspace_quoted(field);
++ line_parser.get_nonspace_quoted(field, field_max);
+ pk = line_parser.peek();
+ if (pk && !isspace(pk)) {
+- line_parser.get_nonspace_quoted(field + strlen(field));
++ line_parser.get_nonspace_quoted(field + strlen(field), field_max - strlen(field));
+ }
+ }
+ }
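Review bot: `field_max - strlen(field)` in the second call of both inner hunks is a `size_t` expression narrowed to the `int flen` parameter, and it stays positive only because the first call is trusted to have left room. Computing it once as `int room = field_max - (int)strlen(field);` and skipping the second call when `room < 2` keeps the arithmetic signed and the assumption visible. A token longer than the buffer is now truncated without any signal: the unread remainder stays in `line_parser` and, as far as the visible loop shows, would be read as the next field by `while (field[0])`. Setting `error_flag` when the field fills up would reject malformed input instead of reinterpreting it. The definitions of `field` and `field_max` are outside the hunk, so it should be confirmed that `field_max` matches the array size.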