Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sci-astronomy/funtools/files/funtools-1.4.4-fix-crashes.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sci-astronomy/funtools/files/funtools-1.4.4-fix-crashes.patch')
-rw-r--r--sci-astronomy/funtools/files/funtools-1.4.4-fix-crashes.patch99
1 files changed, 99 insertions, 0 deletions
diff --git a/sci-astronomy/funtools/files/funtools-1.4.4-fix-crashes.patch b/sci-astronomy/funtools/files/funtools-1.4.4-fix-crashes.patch
new file mode 100644
index 000000000000..75d69089ef13
--- /dev/null
+++ b/sci-astronomy/funtools/files/funtools-1.4.4-fix-crashes.patch
@@ -0,0 +1,99 @@
+Author: Ole Streicher <debian@liska.ath.cx>
+Description: Check cmd line arguments for illegal input that caused crashes
+ found with the "Mayhem" tool.
+Bug: http://bugs.debian.org/715928
+Bug: http://bugs.debian.org/715929
+--- a/funjoin.c
++++ b/funjoin.c
+@@ -737,7 +737,7 @@ main(argc, argv)
+ case 'a':
+ if( argv[i][2] ){
+ j = atoi(&argv[i][2])-1;
+- if( (j >= 0) && (j < MAXIFILE) ){
++ if( (j >= 0) && (j < MAXIFILE) && (i < argc-1)){
+ files[j].actstr = argv[++i];
+ }
+ else{
+@@ -751,7 +751,7 @@ main(argc, argv)
+ case 'b':
+ if( argv[i][2] ){
+ j = atoi(&argv[i][2])-1;
+- if( (j >= 0) && (j < MAXIFILE) ){
++ if( (j >= 0) && (j < MAXIFILE) && (i < argc-1)){
+ files[j].bstr = argv[++i];
+ }
+ else{
+@@ -765,7 +765,7 @@ main(argc, argv)
+ case 'j':
+ if( argv[i][2] ){
+ j = atoi(&argv[i][2])-1;
+- if( (j >= 0) && (j < MAXIFILE) ){
++ if( (j >= 0) && (j < MAXIFILE) && (i < argc-1)){
+ files[j].jname = argv[++i];
+ }
+ else{
+@@ -773,25 +773,35 @@ main(argc, argv)
+ }
+ }
+ else{
+- defcol = argv[++i];
++ if (i < argc-1) {
++ defcol = argv[++i];
++ }
+ }
+ break;
+ case 'm':
+- minmatch = atoi(argv[++i])+1;
++ if (i < argc-1) {
++ minmatch = atoi(argv[++i])+1;
++ }
+ if( minmatch < 1 ) minmatch = 1;
+ break;
+ case 'M':
+- maxmatch = atoi(argv[++i])+1;
++ if (i < argc-1) {
++ maxmatch = atoi(argv[++i])+1;
++ }
+ if( maxmatch < 1 ) maxmatch = 1;
+ break;
+ case 's':
+ jfiles = JFILES_COL;
+ break;
+ case 'S':
+- jfiles = argv[++i];
++ if (i < argc-1) {
++ jfiles = argv[++i];
++ }
+ break;
+ case 't':
+- tol = atof(argv[++i]);
++ if (i < argc-1) {
++ tol = atof(argv[++i]);
++ }
+ if( tol <= 0 ){
+ gerror(stderr, "tolerance value must be positive\n");
+ }
+--- a/funimage.c
++++ b/funimage.c
+@@ -338,12 +338,16 @@ main(argc, argv)
+ t = strchr(s, ',');
+ strncat(newname, s, t-s);
+ strncat(newname, ",y:", SZ_LINE-strlen(newname));
+- s = ++t;
+- t = strchr(s, ',');
+- strncat(newname, s, t-s);
++ if (t != NULL) {
++ s = ++t;
++ t = strchr(s, ',');
++ strncat(newname, s, t-s);
++ }
+ strncat(newname, "),", SZ_LINE-strlen(newname));
+- s = ++t;
+- strncat(newname, s, SZ_LINE-strlen(newname));
++ if (t != NULL) {
++ s = ++t;
++ strncat(newname, s, SZ_LINE-strlen(newname));
++ }
+ iname = newname;
+ }
+