From c98b3e42412ebc575ab0c7f785172c66d8ffd196 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Mon, 17 Jan 2022 20:17:41 +0100
Subject: extra/slang: backported array and checksum integer overflow patches from git
---
extra/slang/PKGBUILD | 14 ++++
extra/slang/slang-2.3.2-chksum-memset.patch | 12 +++
.../slang/slang-2.3.2-integer-array-overflow.patch | 93 ++++++++++++++++++++++
3 files changed, 119 insertions(+)
create mode 100644 extra/slang/PKGBUILD
create mode 100644 extra/slang/slang-2.3.2-chksum-memset.patch
create mode 100644 extra/slang/slang-2.3.2-integer-array-overflow.patch
(limited to 'extra')
diff --git a/extra/slang/PKGBUILD b/extra/slang/PKGBUILD
new file mode 100644
index 00000000..5334396d
--- /dev/null
+++ b/extra/slang/PKGBUILD
@@ -0,0 +1,14 @@
+# 32-bit issues around arrays (fails a test) and a memset in checksumming
+# see upstream commits 7dfe53f and 68dd5e9
+source+=(slang-2.3.2-integer-array-overflow.patch slang-2.3.2-chksum-memset.patch)
+sha1sums+=('c64e55fc9713c61f7069408150f8123959652a54' '0bbe3eb3222d2fa2512b9591d6b1a88a5838d6a8')
+eval "$(
+ {
+ declare -f prepare || \
+ printf 'prepare() { cd ${srcdir}/${pkgname}-${pkgver}\n}\n'
+ } \
+ | sed '
+ $ i patch -p1 -i "$srcdir"/slang-2.3.2-integer-array-overflow.patch
+ $ i patch -p1 -i "$srcdir"/slang-2.3.2-chksum-memset.patch
+ '
+)"
diff --git a/extra/slang/slang-2.3.2-chksum-memset.patch b/extra/slang/slang-2.3.2-chksum-memset.patch
new file mode 100644
index 00000000..6c39637f
--- /dev/null
+++ b/extra/slang/slang-2.3.2-chksum-memset.patch
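Review bot: In extra/slang/PKGBUILD the header comment names upstream commits 7dfe53f and 68dd5e9 but not which backported patch each one produced, and seven-character ids are a weak reference for a backport that has to be re-checked on every slang update; one line per patch, e.g. `# slang-2.3.2-chksum-memset.patch: upstream <full-commit-id>`, would make that traceable. The fallback `prepare()` emitted by `printf` leaves `${srcdir}/${pkgname}-${pkgver}` unquoted while the injected `patch` lines quote `"$srcdir"`; quoting the `cd` argument keeps the two consistent. The `sha1sums+=` append presumably follows the checksum array of the base PKGBUILD, which is not visible here; if that array moves to a stronger digest, these two entries have to move with it.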
@@ -0,0 +1,12 @@
+diff -rauN slang-2.3.2/modules/chksum-module.c slang-2.3.2-chksum-memset-patch/modules/chksum-module.c
+--- slang-2.3.2/modules/chksum-module.c 2018-03-05 00:16:36.000000000 +0100
++++ slang-2.3.2-chksum-memset-patch/modules/chksum-module.c 2022-01-17 19:51:00.277766857 +0100
+@@ -103,7 +103,7 @@
+ obj = (Chksum_Object_Type *)SLmalloc (sizeof (Chksum_Object_Type));
+ if (obj == NULL)
+ return;
+- memset ((char *)obj, 0, sizeof(SLChksum_Type));
++ memset ((char *)obj, 0, sizeof(Chksum_Object_Type));
+
+ obj->numrefs = 1;
+ if (NULL == (obj->c = t->create (name)))
diff --git a/extra/slang/slang-2.3.2-integer-array-overflow.patch b/extra/slang/slang-2.3.2-integer-array-overflow.patch
new file mode 100644
index 00000000..2b30d219
--- /dev/null
+++ b/extra/slang/slang-2.3.2-integer-array-overflow.patch
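Review bot: In the chksum-module.c hunk the corrected `memset` still spells the type by hand, `sizeof(Chksum_Object_Type)`, which is the pattern that let the cleared length drift away from the `SLmalloc` size at the top of the hunk. Tying the length to the pointer, `memset (obj, 0, sizeof (*obj));`, keeps the two equal if the struct is renamed or split again. Depending on the relative sizes of the two types, the old call either left part of the object uninitialised or wrote past the allocation, so a short comment such as `/* zero the whole object: fields not assigned below must not carry stale heap contents */` would record why the full size matters. The enclosing function starts and ends outside the hunk.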
@@ -0,0 +1,93 @@
+diff -rauN slang-2.3.2/src/slarray.c slang-2.3.2-integer-array-overflow-patch/src/slarray.c
+--- slang-2.3.2/src/slarray.c 2018-03-05 00:16:36.000000000 +0100
++++ slang-2.3.2-integer-array-overflow-patch/src/slarray.c 2022-01-17 19:48:27.177748577 +0100
+@@ -22,6 +22,7 @@
+
+ #include "slinclud.h"
+ #include
++#include
+
+ /* #define SL_APP_WANTS_FOREACH */
+ #include "slang.h"
+@@ -312,6 +313,26 @@
+ free_array (at);
+ }
+
++/* Here, a and b are assumed to be non-negative */
++static int check_overflow_mult_i (SLindex_Type a, SLindex_Type b, SLindex_Type *cp)
++{
++ if ((a < 0) || (b < 0) || ((b > 0) && (a > INT_MAX/b)))
++ return -1;
++
++ *cp = a*b;
++
++ return 0;
++}
++
++static int check_overflow_mult_ui (SLuindex_Type a, SLindex_Type b, SLuindex_Type *cp)
++{
++ if ((b < 0) || ((b > 0) && (a > UINT_MAX/(SLuindex_Type)b)))
++ return -1;
++
++ *cp = a*(SLuindex_Type)b;
++ return 0;
++}
++
+ SLang_Array_Type *
+ SLang_create_array1 (SLtype type, int read_only, VOID_STAR data,
+ SLindex_Type *dims, unsigned int num_dims, int no_init)
+@@ -366,16 +387,14 @@
+ num_elements = 1;
+ for (i = 0; i < num_dims; i++)
+ {
+- SLindex_Type new_num_elements;
+ at->dims[i] = dims[i];
+- new_num_elements = dims[i] * num_elements;
+- if (dims[i] && (new_num_elements/dims[i] != num_elements))
++
++ if (-1 == check_overflow_mult_i (num_elements, dims[i], &num_elements))
+ {
+ throw_size_error (SL_Index_Error);
+ free_array (at);
+ return NULL;
+ }
+- num_elements = new_num_elements;
+ }
+
+ /* Now set the rest of the unused dimensions to 1. This makes it easier
+@@ -395,8 +414,10 @@
+ return at;
+ }
+
+- size = (num_elements * sizeof_type);
+- if ((size/sizeof_type != num_elements) || (size < 0))
++ /* SLmalloc is currently limited to the use of unsigned integers.
++ * So include the size of the type as well.
++ */
++ if (-1 == check_overflow_mult_i (num_elements, sizeof_type, &size))
+ {
+ throw_size_error (SL_INVALID_PARM);
+ free_array (at);
+@@ -1103,7 +1124,6 @@
+ total_num_elements = 1;
+ for (i = 0; i < num_indices; i++)
+ {
+- SLuindex_Type new_total_num_elements;
+ SLang_Object_Type *obj = index_objs + i;
+ range_delta_buf [i] = 0;
+
+@@ -1145,13 +1165,11 @@
+ }
+ }
+
+- new_total_num_elements = total_num_elements * max_dims[i];
+- if (max_dims[i] && (new_total_num_elements/max_dims[i] != total_num_elements))
++ if (-1 == check_overflow_mult_ui (total_num_elements, max_dims[i], &total_num_elements))
+ {
+ throw_size_error (SL_INVALID_PARM);
+ return -1;
+ }
+- total_num_elements = new_total_num_elements;
+ }
+
+ *num_elements = total_num_elements;
-- cgit v1.2.3
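Review bot: In the slarray.c patch, `check_overflow_mult_i` and `check_overflow_mult_ui` bound the product with `INT_MAX` and `UINT_MAX` although their operands are `SLindex_Type` and `SLuindex_Type`; that is only correct while those typedefs are exactly `int` and `unsigned int`, which the hunk does not show. I would state the assumption where it is relied on, e.g. `/* SLindex_Type is assumed to be int: the product is bounded by INT_MAX */`, or enforce it with a compile-time assertion next to the helpers. The existing comment "a and b are assumed to be non-negative" reads as a precondition, while the code rejects negative operands with -1; `/* Returns -1 if a or b is negative or a*b exceeds INT_MAX; otherwise stores a*b in *cp and returns 0 */` matches what it does, and `check_overflow_mult_ui` has no comment at all. In the `@@ -395,8 +414,10 @@` hunk `&size` is passed as `SLindex_Type *`; the declarations of `size` and `sizeof_type` are outside the hunk, so confirm they have that type.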