From 47bb0a495932cf6c685648a2b6e49b2111a507fb Mon Sep 17 00:00:00 2001 From: Tatsuya Kinoshita Date: Sun, 28 Feb 2021 16:56:01 +0900 Subject: New patch 040_libwc-overflow.patch to fix integer overflow in libwc --- debian/patches/040_libwc-overflow.patch | 29 +++++++++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 30 insertions(+) create mode 100644 debian/patches/040_libwc-overflow.patch (limited to 'debian') diff --git a/debian/patches/040_libwc-overflow.patch b/debian/patches/040_libwc-overflow.patch new file mode 100644 index 0000000..ab6fd8b --- /dev/null +++ b/debian/patches/040_libwc-overflow.patch @@ -0,0 +1,29 @@ +Subject: Prevent unintentional integer overflow in libwc +Author: Tatsuya Kinoshita + +diff --git a/libwc/utf7.c b/libwc/utf7.c +index 44a3330..874bc3d 100644 +--- a/libwc/utf7.c ++++ b/libwc/utf7.c +@@ -73,7 +73,7 @@ wc_conv_from_utf7(Str is, wc_ces ces) + ; + if (p == ep) + return is; +- os = Strnew_size(is->length * 4 / 3); ++ os = Strnew_size(is->length + is->length / 3); + if (p > sp) + Strcat_charp_n(os, is->ptr, (int)(p - sp)); + +diff --git a/libwc/utf8.c b/libwc/utf8.c +index e523139..c878499 100644 +--- a/libwc/utf8.c ++++ b/libwc/utf8.c +@@ -150,7 +150,7 @@ wc_conv_from_utf8(Str is, wc_ces ces) + ; + if (p == ep) + return is; +- os = Strnew_size(is->length * 4 / 3); ++ os = Strnew_size(is->length + is->length / 3); + if (p > sp) + Strcat_charp_n(os, is->ptr, (int)(p - sp)); + diff --git a/debian/patches/series b/debian/patches/series index b829509..043b91c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 010_section.patch 020_ssl-ca.patch 030_str-overflow.patch +040_libwc-overflow.patch -- cgit v1.2.3