rpms / graphviz

Clone
Source Code
GIT

Blame SOURCES/graphviz-2.30.1-CVE-2014-1236.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   1b1b58e782cdaa4802548c07344de595b0395cb0
  2.   SOURCES
  3.   graphviz-2.30.1-CVE-2014-1236.patch
Blob History Raw
d3d782 
From 1d1bdec6318746f6f19f245db589eddc887ae8ff Mon Sep 17 00:00:00 2001
d3d782 
From: "Emden R. Gansner" <erg@alum.mit.edu>
d3d782 
Date: Wed, 8 Jan 2014 11:31:04 -0500
d3d782 
Subject: [PATCH] Fix possible buffer overflow problem in chkNum of scanner.
d3d782
d3d782 
---
d3d782 
 lib/cgraph/scan.l | 35 ++++++++++++++++++++++++++---------
d3d782 
 1 file changed, 26 insertions(+), 9 deletions(-)
d3d782
d3d782 
diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
d3d782 
index 212967c..d065b61 100644
d3d782 
--- a/lib/cgraph/scan.l
d3d782 
+++ b/lib/cgraph/scan.l
d3d782 
@@ -129,15 +129,32 @@ static void ppDirective (void)
d3d782 
  * and report this to the user.
d3d782 
  */
d3d782 
 static int chkNum(void) {
d3d782 
-  unsigned char	c = (unsigned char)yytext[yyleng-1];   /* last character */
d3d782 
-  if (!isdigit(c) && (c != '.')) {  /* c is letter */
d3d782 
-	char	buf[BUFSIZ];
d3d782 
-	sprintf(buf,"syntax error - badly formed number '%s' in line %d of %s\n",yytext,line_num, InputFile);
d3d782 
-    strcat (buf, "splits into two name tokens\n");
d3d782 
-	agerr(AGWARN,buf);
d3d782 
-    return 1;
d3d782 
-  }
d3d782 
-  else return 0;
d3d782 
+    unsigned char c = (unsigned char)yytext[yyleng-1];   /* last character */
d3d782 
+    if (!isdigit(c) && (c != '.')) {  /* c is letter */
d3d782 
+	unsigned char xbuf[BUFSIZ];
d3d782 
+	char buf[BUFSIZ];
d3d782 
+	agxbuf  xb;
d3d782 
+	char* fname;
d3d782 
+
d3d782 
+	if (InputFile)
d3d782 
+	    fname = InputFile;
d3d782 
+	else
d3d782 
+	    fname = "input";
d3d782 
+
d3d782 
+	agxbinit(&xb, BUFSIZ, xbuf);
d3d782 
+
d3d782 
+	agxbput(&xb,"syntax ambiguity - badly delimited number '");
d3d782 
+	agxbput(&xb,yytext);
d3d782 
+	sprintf(buf,"' in line %d of ", line_num);
d3d782 
+	agxbput(&xb,buf);
d3d782 
+	agxbput(&xb,fname);
d3d782 
+	agxbput(&xb, " splits into two tokens\n");
d3d782 
+	agerr(AGWARN,agxbuse(&xb));
d3d782 
+
d3d782 
+	agxbfree(&xb;;
d3d782 
+	return 1;
d3d782 
+    }
d3d782 
+    else return 0;
d3d782 
 }
d3d782
d3d782 
 /* The LETTER class below consists of ascii letters, underscore, all non-ascii
d3d782 
--
d3d782 
1.8.5.1
d3d782

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation