guix-play/gnu/packages/patches/plib-CVE-2012-4552.patch
Efraim Flashner 05f386f103
gnu: plib: Fix CVE-2011-4620, CVE-2012-4552.
* gnu/packages/game-development.scm (plib)[patches]: Add patches.
* gnu/packages/patches/plib-CVE-2011-4620.patch,
gnu/packages/patches/plib-CVE-2012-4552.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
2019-07-10 12:45:34 +03:00

58 lines
1.5 KiB
Diff

https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff
diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx
--- plib-1.8.5/src/ssg/ssgParser.cxx~ 2008-03-11 03:06:23.000000000 +0100
+++ plib-1.8.5/src/ssg/ssgParser.cxx 2012-11-01 15:33:12.424483374 +0100
@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
char msgbuff[ 255 ];
va_list argp;
- char* msgptr = msgbuff;
- if (linenum)
- {
- msgptr += sprintf ( msgptr,"%s, line %d: ",
- path, linenum );
- }
-
va_start( argp, format );
- vsprintf( msgptr, format, argp );
+ vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
va_end( argp );
- ulSetError ( UL_WARNING, "%s", msgbuff ) ;
+ if (linenum)
+ {
+ ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
+ } else {
+ ulSetError ( UL_WARNING, "%s", msgbuff ) ;
+ }
}
@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
char msgbuff[ 255 ];
va_list argp;
- char* msgptr = msgbuff;
- if (linenum)
- {
- msgptr += sprintf ( msgptr,"%s, line %d: ",
- path, linenum );
- }
-
va_start( argp, format );
- vsprintf( msgptr, format, argp );
+ vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
va_end( argp );
- ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
+ if (linenum)
+ {
+ ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
+ } else {
+ ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
+ }
}
// Opens the file and does a few internal calculations based on the spec.