guix-play/gnu/packages/patches/libcaca-CVE-2021-3410-pt2.patch
Efraim Flashner fe830ffd8d
gnu: libcaca: Patch for CVE-2021-3410.
* gnu/packages/video.scm (libcaca)[source]: Add patches.
* gnu/packages/patches/libcaca-CVE-2021-3410-pt1.patch,
gnu/packages/patches/libcaca-CVE-2021-3410-pt2.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
2021-03-08 15:48:08 +02:00

97 lines
3.4 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015.patch
Patch adjusted to remove the lines modifying caca/t/canvas.cpp. This file does not exist in the current release.
From e4968ba6e93e9fd35429eb16895c785c51072015 Mon Sep 17 00:00:00 2001
From: Sam Hocevar <sam@hocevar.net>
Date: Fri, 26 Feb 2021 12:40:06 +0100
Subject: [PATCH] Fix a problem in the caca_resize() overflow detection and add
several unit tests.
---
caca/canvas.c | 16 ++++++++--------
caca/t/canvas.cpp | 18 +++++++++++++++---
tools/makefont.c | 22 +++++++++++++++++++---
3 files changed, 42 insertions(+), 14 deletions(-)
diff --git a/caca/canvas.c b/caca/canvas.c
index d0715392..08c628c9 100644
--- a/caca/canvas.c
+++ b/caca/canvas.c
@@ -367,6 +367,14 @@ int caca_resize(caca_canvas_t *cv, int width, int height)
{
int x, y, f, old_width, old_height, old_size;
+ /* Check for overflow */
+ int new_size = width * height;
+ if (new_size < 0 || (width > 0 && new_size / width != height))
+ {
+ seterrno(EOVERFLOW);
+ return -1;
+ }
+
old_width = cv->width;
old_height = cv->height;
old_size = old_width * old_height;
@@ -377,14 +385,6 @@ int caca_resize(caca_canvas_t *cv, int width, int height)
* dirty rectangle handling */
cv->width = width;
cv->height = height;
- int new_size = width * height;
-
- /* Check for overflow */
- if (new_size / width != height)
- {
- seterrno(EOVERFLOW);
- return -1;
- }
/* If width or height is smaller (or both), we have the opportunity to
* reduce or even remove dirty rectangles */
diff --git a/tools/makefont.c b/tools/makefont.c
index 226c8838..66718605 100644
--- a/tools/makefont.c
+++ b/tools/makefont.c
@@ -40,7 +40,8 @@
* and the UTF-8 glyphs necessary for canvas rotation and mirroring. */
static unsigned int const blocklist[] =
{
- 0x0000, 0x0080, /* Basic latin: A, B, C, a, b, c */
+ 0x0020, 0x0080, /* Basic latin: A, B, C, a, b, c */
+#if 0
0x0080, 0x0100, /* Latin-1 Supplement: Ä, Ç, å, ß */
0x0100, 0x0180, /* Latin Extended-A: Ā č Ō œ */
0x0180, 0x0250, /* Latin Extended-B: Ǝ Ƹ */
@@ -63,6 +64,7 @@ static unsigned int const blocklist[] =
0x30a0, 0x3100, /* Katakana: ロ ル */
0xff00, 0xfff0, /* Halfwidth and Fullwidth Forms: , , , , , */
0x10400, 0x10450, /* Deseret: 𐐒 𐐋 */
+#endif
0, 0
};
@@ -317,8 +319,22 @@ int main(int argc, char *argv[])
printf_unicode(&gtab[n]);
if(gtab[n].same_as == n)
- printf_hex(" */ %s\n",
- glyph_data + gtab[n].data_offset, gtab[n].data_size);
+ {
+ char const *lut = " .:nmW@";
+ printf("\n");
+ for (int y = 0; y < height; ++y)
+ {
+ for (int x = 0; x < gtab[n].data_width; ++x)
+ {
+ int val = glyph_data[gtab[n].data_offset + y * gtab[n].data_width + x];
+ char ch = lut[val * val * 7 / 256 / 256];
+ printf("%c%c", ch, ch);
+ }
+ printf("\n");
+ }
+ //printf_hex(" */ %s\n",
+ // glyph_data + gtab[n].data_offset, gtab[n].data_size);
+ }
else
{
printf(" is ");