summaryrefslogtreecommitdiff
path: root/extra
diff options
context:
space:
mode:
authorAndreas Baumann <mail@andreasbaumann.cc>2022-01-17 20:17:41 +0100
committerAndreas Baumann <mail@andreasbaumann.cc>2022-01-17 20:17:41 +0100
commitc98b3e42412ebc575ab0c7f785172c66d8ffd196 (patch)
tree5c70e22584820b56fb03915c88fcef87bf600f36 /extra
parent9b2f6673ccd37ad3ec58b5f1167d3a148cbea1e1 (diff)
downloadpackages-c98b3e42412ebc575ab0c7f785172c66d8ffd196.tar.xz
extra/slang: backported array and checksum integer overflow patches from git
Diffstat (limited to 'extra')
-rw-r--r--extra/slang/PKGBUILD14
-rw-r--r--extra/slang/slang-2.3.2-chksum-memset.patch12
-rw-r--r--extra/slang/slang-2.3.2-integer-array-overflow.patch93
3 files changed, 119 insertions, 0 deletions
diff --git a/extra/slang/PKGBUILD b/extra/slang/PKGBUILD
new file mode 100644
index 00000000..5334396d
--- /dev/null
+++ b/extra/slang/PKGBUILD
@@ -0,0 +1,14 @@
+# 32-bit issues around arrays (fails a test) and a memset in checksumming
+# see upstream commits 7dfe53f and 68dd5e9
+source+=(slang-2.3.2-integer-array-overflow.patch slang-2.3.2-chksum-memset.patch)
+sha1sums+=('c64e55fc9713c61f7069408150f8123959652a54' '0bbe3eb3222d2fa2512b9591d6b1a88a5838d6a8')
+eval "$(
+ {
+ declare -f prepare || \
+ printf 'prepare() { cd ${srcdir}/${pkgname}-${pkgver}\n}\n'
+ } \
+ | sed '
+ $ i patch -p1 -i "$srcdir"/slang-2.3.2-integer-array-overflow.patch
+ $ i patch -p1 -i "$srcdir"/slang-2.3.2-chksum-memset.patch
+ '
+)"
diff --git a/extra/slang/slang-2.3.2-chksum-memset.patch b/extra/slang/slang-2.3.2-chksum-memset.patch
new file mode 100644
index 00000000..6c39637f
--- /dev/null
+++ b/extra/slang/slang-2.3.2-chksum-memset.patch
@@ -0,0 +1,12 @@
+diff -rauN slang-2.3.2/modules/chksum-module.c slang-2.3.2-chksum-memset-patch/modules/chksum-module.c
+--- slang-2.3.2/modules/chksum-module.c 2018-03-05 00:16:36.000000000 +0100
++++ slang-2.3.2-chksum-memset-patch/modules/chksum-module.c 2022-01-17 19:51:00.277766857 +0100
+@@ -103,7 +103,7 @@
+ obj = (Chksum_Object_Type *)SLmalloc (sizeof (Chksum_Object_Type));
+ if (obj == NULL)
+ return;
+- memset ((char *)obj, 0, sizeof(SLChksum_Type));
++ memset ((char *)obj, 0, sizeof(Chksum_Object_Type));
+
+ obj->numrefs = 1;
+ if (NULL == (obj->c = t->create (name)))
diff --git a/extra/slang/slang-2.3.2-integer-array-overflow.patch b/extra/slang/slang-2.3.2-integer-array-overflow.patch
new file mode 100644
index 00000000..2b30d219
--- /dev/null
+++ b/extra/slang/slang-2.3.2-integer-array-overflow.patch
@@ -0,0 +1,93 @@
+diff -rauN slang-2.3.2/src/slarray.c slang-2.3.2-integer-array-overflow-patch/src/slarray.c
+--- slang-2.3.2/src/slarray.c 2018-03-05 00:16:36.000000000 +0100
++++ slang-2.3.2-integer-array-overflow-patch/src/slarray.c 2022-01-17 19:48:27.177748577 +0100
+@@ -22,6 +22,7 @@
+
+ #include "slinclud.h"
+ #include <math.h>
++#include <limits.h>
+
+ /* #define SL_APP_WANTS_FOREACH */
+ #include "slang.h"
+@@ -312,6 +313,26 @@
+ free_array (at);
+ }
+
++/* Here, a and b are assumed to be non-negative */
++static int check_overflow_mult_i (SLindex_Type a, SLindex_Type b, SLindex_Type *cp)
++{
++ if ((a < 0) || (b < 0) || ((b > 0) && (a > INT_MAX/b)))
++ return -1;
++
++ *cp = a*b;
++
++ return 0;
++}
++
++static int check_overflow_mult_ui (SLuindex_Type a, SLindex_Type b, SLuindex_Type *cp)
++{
++ if ((b < 0) || ((b > 0) && (a > UINT_MAX/(SLuindex_Type)b)))
++ return -1;
++
++ *cp = a*(SLuindex_Type)b;
++ return 0;
++}
++
+ SLang_Array_Type *
+ SLang_create_array1 (SLtype type, int read_only, VOID_STAR data,
+ SLindex_Type *dims, unsigned int num_dims, int no_init)
+@@ -366,16 +387,14 @@
+ num_elements = 1;
+ for (i = 0; i < num_dims; i++)
+ {
+- SLindex_Type new_num_elements;
+ at->dims[i] = dims[i];
+- new_num_elements = dims[i] * num_elements;
+- if (dims[i] && (new_num_elements/dims[i] != num_elements))
++
++ if (-1 == check_overflow_mult_i (num_elements, dims[i], &num_elements))
+ {
+ throw_size_error (SL_Index_Error);
+ free_array (at);
+ return NULL;
+ }
+- num_elements = new_num_elements;
+ }
+
+ /* Now set the rest of the unused dimensions to 1. This makes it easier
+@@ -395,8 +414,10 @@
+ return at;
+ }
+
+- size = (num_elements * sizeof_type);
+- if ((size/sizeof_type != num_elements) || (size < 0))
++ /* SLmalloc is currently limited to the use of unsigned integers.
++ * So include the size of the type as well.
++ */
++ if (-1 == check_overflow_mult_i (num_elements, sizeof_type, &size))
+ {
+ throw_size_error (SL_INVALID_PARM);
+ free_array (at);
+@@ -1103,7 +1124,6 @@
+ total_num_elements = 1;
+ for (i = 0; i < num_indices; i++)
+ {
+- SLuindex_Type new_total_num_elements;
+ SLang_Object_Type *obj = index_objs + i;
+ range_delta_buf [i] = 0;
+
+@@ -1145,13 +1165,11 @@
+ }
+ }
+
+- new_total_num_elements = total_num_elements * max_dims[i];
+- if (max_dims[i] && (new_total_num_elements/max_dims[i] != total_num_elements))
++ if (-1 == check_overflow_mult_ui (total_num_elements, max_dims[i], &total_num_elements))
+ {
+ throw_size_error (SL_INVALID_PARM);
+ return -1;
+ }
+- total_num_elements = new_total_num_elements;
+ }
+
+ *num_elements = total_num_elements;