From bc4decbc5f6370fb41dcd16e4ae50b4bded8fc16 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Tue, 21 Mar 2017 17:04:02 +0100
Subject: [PATCH] Add fix for off by one adding DW_FORM_string replacement (#1434347)
---
 ...f-by-one-adding-DW_FORM_string-repla.patch | 51 +++++++++++++++++++
 rpm.spec | 6 ++-
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 0021-debugedit-Fix-off-by-one-adding-DW_FORM_string-repla.patch
diff --git a/0021-debugedit-Fix-off-by-one-adding-DW_FORM_string-repla.patch b/0021-debugedit-Fix-off-by-one-adding-DW_FORM_string-repla.patch
new file mode 100644
index 0000000..a8e016c
--- /dev/null
+++ b/0021-debugedit-Fix-off-by-one-adding-DW_FORM_string-repla.patch
@@ -0,0 +1,51 @@
+From e6cbf971242e424264711f9ffad57eee7f6d6f67 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard
+Date: Tue, 21 Mar 2017 16:46:37 +0100
+Subject: [PATCH] debugedit: Fix off-by-one adding DW_FORM_string replacement
+ slashes.
+
+We would put one too many slashes in between the new dest_dir and file name
+part of the replacement of a DW_FORM_string in the .debug_info. If there
+was file part then we would overwrite the first character of the name. If
+there was no file part at all then this would overwrite the zero terminator
+and cause a crash reading the rest of the data.
+
+A crash did happen while building the docker package on fedora s390x.
+https://bugzilla.redhat.com/show_bug.cgi?id=1434347
+
+The reason neither issue would normally trigger is because if we do detect
+that the dest_dir is larger than the base_dir we refuse to replace anything.
+
+Signed-off-by: Mark Wielaard
+---
+ tools/debugedit.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/tools/debugedit.c b/tools/debugedit.c
+index 0f37316..b618dce 100644
+--- a/tools/debugedit.c
++++ b/tools/debugedit.c
+@@ -1507,12 +1507,16 @@ edit_attributes (DSO *dso, unsigned char *ptr, struct abbrev_tag *t, int phase)
+ comp_dir, base_dir, dest_dir);
+ else
+ {
+- /* Add one or more slashes in between to
+- fill up all space (replacement must be
+- of the same length). */
++ /* Add zero (if no file part), one or more
++ slashes in between the new dest_dir and the
++ file name to fill up all space (replacement
++ DW_FORM_string must be of the same length).
++ We don't need to copy the old file name (if
++ any) or the zero terminator, because those
++ are already at the end of the string. */
+ memcpy (ptr, dest_dir, dest_len);
+ memset (ptr + dest_len, '/',
+- orig_len - new_len + 1);
++ orig_len - new_len);
+ }
+ }
+ }
+--
+1.8.3.1
+
diff --git a/rpm.spec b/rpm.spec
index 95cf5a1..b9b1d09 100644
--- a/rpm.spec
+++ b/rpm.spec
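Review bot: The new memset length `orig_len - new_len` in the inner tools/debugedit.c hunk depends on `orig_len >= new_len`, which the patch description says is guaranteed by an earlier dest_dir/base_dir length check that is not part of this hunk; if those variables are unsigned (their declarations are not visible here), a later relaxation of that check would turn the subtraction into a huge memset past the string rather than a harmless no-op. Since the rewritten comment now spells out that invariant, it is worth enforcing it at the point of use, e.g. `assert (orig_len >= new_len);` immediately before the `memcpy (ptr, dest_dir, dest_len);` line, or a guard that skips the replacement when it does not hold. The enclosing edit_attributes function begins and ends outside the hunk, so the surrounding check could not be confirmed from this patch alone.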
@@ -29,7 +29,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}13%{?dist}
+Release: %{?snapver:0.%{snapver}.}14%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
@@ -92,6 +92,7 @@ Patch266: 0017-do-not-process-buildi-ds-for-noarch.patch
 Patch267: 0018-update-build-id-endian.patch
 Patch268: 0019-fix-sed-build-id-match-test.patch
 Patch269: 0020-build-files-exec-build-id.patch
+Patch270: 0021-debugedit-Fix-off-by-one-adding-DW_FORM_string-repla.patch
 
 # OpenSSL backend
 Patch300: 0001-Add-OpenSSL-support-for-digest-and-signatures.patch
@@ -596,6 +597,9 @@ exit 0
 %doc doc/librpm/html/*
 
 %changelog
+* Tue Mar 21 2017 Mark Wielaard - 4.13.0.1-14
+- Add fix for off by one adding DW_FORM_string replacement (#1434347).
+
 * Mon Mar 20 2017 Mark Wielaard - 4.13.0.1-13
 - Add tests fix for sed file build-id regexp matching.
 - Add fix for build-ids in non-executable ELF files (#1433837).