[people/pmueller/ipfire-2.x.git] / src / patches / bash / bash51-009

			     BASH PATCH REPORT
			     =================

Bash-Release:	5.1
Patch-ID:	bash51-009

Bug-Reported-by:	Julien Moutinho <julm+bash@sourcephile.fr>
Bug-Reference-ID:	<20211004035906.5kiobuzkpeckmvwg@sourcephile.fr>
Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2021-10/msg00022.html

Bug-Description:

The bash malloc implementation of malloc_usable_size() does not follow the
specification. This can cause library functions that use it to overwrite
memory bounds checking.

Patch (apply with `patch -p0'):

*** ../bash-5.1-patched/lib/malloc/malloc.c	2020-07-08 10:19:30.000000000 -0400
--- lib/malloc/malloc.c	2021-10-05 16:10:55.000000000 -0400
***************
*** 1287,1297 ****
      }
  
!   /* XXX - should we return 0 if ISFREE? */
!   maxbytes = binsize(p->mh_index);
! 
!   /* So the usable size is the maximum number of bytes in the bin less the
!      malloc overhead */
!   maxbytes -= MOVERHEAD + MSLOP;
!   return (maxbytes);
  }
  
--- 1358,1367 ----
      }
  
!   /* return 0 if ISFREE */
!   if (p->mh_alloc == ISFREE)
!     return 0;
!   
!   /* Since we use bounds checking, the usable size is the last requested size. */
!   return (p->mh_nbytes);
  }
  
*** ../bash-5.1/patchlevel.h	2020-06-22 14:51:03.000000000 -0400
--- patchlevel.h	2020-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 8
  
  #endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
     looks for to find the patch level (for the sccs version string). */
  
! #define PATCHLEVEL 9
  
  #endif /* _PATCHLEVEL_H_ */
Commit	Line	Data
725ffd6f AB	1	BASH PATCH REPORT
	2	=================
	3
	4	Bash-Release: 5.1
	5	Patch-ID: bash51-009
	6
	7	Bug-Reported-by: Julien Moutinho <julm+bash@sourcephile.fr>
	8	Bug-Reference-ID: <20211004035906.5kiobuzkpeckmvwg@sourcephile.fr>
	9	Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2021-10/msg00022.html
	10
	11	Bug-Description:
	12
	13	The bash malloc implementation of malloc_usable_size() does not follow the
	14	specification. This can cause library functions that use it to overwrite
	15	memory bounds checking.
	16
	17	Patch (apply with `patch -p0'):
	18
	19	*** ../bash-5.1-patched/lib/malloc/malloc.c 2020-07-08 10:19:30.000000000 -0400
	20	--- lib/malloc/malloc.c 2021-10-05 16:10:55.000000000 -0400
	21	***************
	22	* 1287,1297 **
	23	}
	24
	25	! /* XXX - should we return 0 if ISFREE? */
	26	! maxbytes = binsize(p->mh_index);
	27	!
	28	! /* So the usable size is the maximum number of bytes in the bin less the
	29	! malloc overhead */
	30	! maxbytes -= MOVERHEAD + MSLOP;
	31	! return (maxbytes);
	32	}
	33
	34	--- 1358,1367 ----
	35	}
	36
	37	! /* return 0 if ISFREE */
	38	! if (p->mh_alloc == ISFREE)
	39	! return 0;
	40	!
	41	! /* Since we use bounds checking, the usable size is the last requested size. */
	42	! return (p->mh_nbytes);
	43	}
	44
	45	*** ../bash-5.1/patchlevel.h 2020-06-22 14:51:03.000000000 -0400
	46	--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400
	47	***************
	48	* 26,30 **
	49	looks for to find the patch level (for the sccs version string). */
	50
	51	! #define PATCHLEVEL 8
	52
	53	#endif /* _PATCHLEVEL_H_ */
	54	--- 26,30 ----
	55	looks for to find the patch level (for the sccs version string). */
	56
	57	! #define PATCHLEVEL 9
	58
	59	#endif /* _PATCHLEVEL_H_ */