From: Ming Liu Date: Fri, 16 May 2025 08:17:31 +0000 (+0200) Subject: zip: fix a buffer overflow detected issue X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2f3eeaedc0ea896f5f5b23f756056331b1647cf;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git zip: fix a buffer overflow detected issue A "buffer overflow detected" issue was observed as follows: | *** buffer overflow detected ***: terminated | | zip error: Interrupted (aborting) This issue is addressed by: https://bugzilla.redhat.com/show_bug.cgi?id=2165653 Port the fix. Signed-off-by: Ming Liu Signed-off-by: Mathieu Dubois-Briand --- diff --git a/meta/recipes-extended/zip/zip-3.0/0001-fileio.c-fix-a-buffer-overflow-detected-issue.patch b/meta/recipes-extended/zip/zip-3.0/0001-fileio.c-fix-a-buffer-overflow-detected-issue.patch new file mode 100644 index 0000000000..d760dfcec5 --- /dev/null +++ b/meta/recipes-extended/zip/zip-3.0/0001-fileio.c-fix-a-buffer-overflow-detected-issue.patch @@ -0,0 +1,38 @@ +From 23b4ed82bff20c737fe2e95d5b035e92a9522ca2 Mon Sep 17 00:00:00 2001 +From: Ming Liu +Date: Thu, 15 May 2025 13:58:45 +0200 +Subject: [PATCH] fileio.c: fix a buffer overflow detected issue +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fix a following issue: +| *** buffer overflow detected ***: terminated +| +| zip error: Interrupted (aborting) + +Reference: https://bugzilla.redhat.com/show_bug.cgi?id=2165653 + +Upstream-Status: Inactive-Upstream [the fix is from Redhat but not the official project] + +Signed-off-by: Ming Liu +--- + fileio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fileio.c b/fileio.c +index 1847e62..5a2959d 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_string) + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ +-- +2.43.0 + diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb index b573669f2f..27691bd89a 100644 --- a/meta/recipes-extended/zip/zip_3.0.bb +++ b/meta/recipes-extended/zip/zip_3.0.bb @@ -19,6 +19,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/Zip%203.x%20%28latest%29/3.0/zip30.tar. file://0001-configure-Specify-correct-function-signatures-and-de.patch \ file://0001-unix-configure-use-_Static_assert-to-do-correct-dete.patch \ file://0001-configure-Include-dirent.h-for-closedir-opendir-APIs.patch \ + file://0001-fileio.c-fix-a-buffer-overflow-detected-issue.patch \ " UPSTREAM_VERSION_UNKNOWN = "1"