diff options
-rw-r--r-- | archivers/unzoo/Makefile | 3 | ||||
-rw-r--r-- | archivers/unzoo/distinfo | 3 | ||||
-rw-r--r-- | archivers/unzoo/patches/patch-unzoo.c | 41 |
3 files changed, 45 insertions, 2 deletions
diff --git a/archivers/unzoo/Makefile b/archivers/unzoo/Makefile index 2dfdfcc68a5..57e403d1452 100644 --- a/archivers/unzoo/Makefile +++ b/archivers/unzoo/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.14 2014/10/09 14:05:54 wiz Exp $ +# $NetBSD: Makefile,v 1.15 2020/03/26 22:29:47 rillig Exp $ # DISTNAME= unzoo.c PKGNAME= unzoo-4.4 +PKGREVISION= 1 CATEGORIES= archivers MASTER_SITES= # no dist site available EXTRACT_SUFX= # empty diff --git a/archivers/unzoo/distinfo b/archivers/unzoo/distinfo index 68ecdf9021c..38f489e1685 100644 --- a/archivers/unzoo/distinfo +++ b/archivers/unzoo/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.3 2015/11/03 00:56:26 agc Exp $ +$NetBSD: distinfo,v 1.4 2020/03/26 22:29:47 rillig Exp $ SHA1 (unzoo.c) = 99a6e9922ccdf5d454c78d3a514d5e33ae17562d RMD160 (unzoo.c) = f7cf751dc865e73d3c51e4476dd2472e409b20ff SHA512 (unzoo.c) = d293e244e44af131702550ddefdd035e32de3e7228f6c1c805139d448ba96357931405d313405572c30fc7c8d2ff005cc0ffc4d0ad209f47ee9ec1217ccaed21 Size (unzoo.c) = 115328 bytes +SHA1 (patch-unzoo.c) = 5b652586c919a8a5a5498c00ae2330620af39ea4 diff --git a/archivers/unzoo/patches/patch-unzoo.c b/archivers/unzoo/patches/patch-unzoo.c new file mode 100644 index 00000000000..9c39b79a566 --- /dev/null +++ b/archivers/unzoo/patches/patch-unzoo.c @@ -0,0 +1,41 @@ +$NetBSD: patch-unzoo.c,v 1.1 2020/03/26 22:29:47 rillig Exp $ + +unzoo.c: In function 'IsMatchName': +unzoo.c:1268:40: error: array subscript has type 'char' [-Werror=char-subscripts] + else if ( *pat=='?' && ! IsSpec[*str] ) { pat++; str++; } + ^ +unzoo.c:1271:40: error: array subscript has type 'char' [-Werror=char-subscripts] + else if ( tmp != 0 && ! IsSpec[*tmp] ) { pat = pos; str = ++tmp; } + ^ + +This looks indeed like undefined behavior since the function IsMatchName +accepts arbitrary filenames, and filenames containing non-ASCII +characters would access the array outside of its bounds. + +On NetBSD-8.0-x86_64 using GCC 5.5.0 the memory below IsSpec is BufArch, +which means that pattern matching depended on the contents of the archive +before. + +--- unzoo.c.orig 2020-03-26 22:01:16.074248902 +0000 ++++ unzoo.c +@@ -244,6 +244,7 @@ + *H + */ + #include <stdio.h> ++#include <string.h> + + + /**************************************************************************** +@@ -1265,10 +1266,10 @@ int IsMatchName ( pat, str ) + /* try to match the name part */ + while ( *pat != '\0' || *str != '\0' ) { + if ( *pat==*str ) { pat++; str++; } +- else if ( *pat=='?' && ! IsSpec[*str] ) { pat++; str++; } ++ else if ( *pat=='?' && ! IsSpec[(unsigned char) *str] ) { pat++; str++; } + else if ( *pat=='?' && *str != '\0' ) { pat++; str++; } + else if ( *pat=='*' ) { pos = ++pat; tmp = str; } +- else if ( tmp != 0 && ! IsSpec[*tmp] ) { pat = pos; str = ++tmp; } ++ else if ( tmp != 0 && ! IsSpec[(unsigned char) *tmp] ) { pat = pos; str = ++tmp; } + else break; + } + return *pat == '\0' && *str == '\0'; |