upstream/oracle/userland-gate: components/graphviz/patches/005-10a1322-format-string.patch@08a4029cbd6c (annotated)

6544 f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	1	From 10a132289ffe4ed9a398bebca13cb41c1006bd13 Mon Sep 17 00:00:00 2001
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	2	From: Tomas Hoger <[email protected]>
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	3	Date: Wed, 20 May 2015 11:22:11 +0200
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	4	Subject: [PATCH 2/2] Additional agerr() format string fixes
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	5
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	6	Similar to commit 99eda42, ensure the second argument to agerr() is
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	7	fixed string with no user inputs. Change applied to:
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	8
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	9	* cmd/tools/gmlscan.l - unclear if this can be exploited in practice, as
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	10	only yytext can possibly hold format string
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	11	* lib/graph/lexer.c - format string can be injected via graph file
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	12	content. Note that libgraph is deprecated as of version 2.30.0, so
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	13	this fix is more relevant for older graphviz versions.
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	14	---
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	15	cmd/tools/gmlscan.l \| 2 +-
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	16	lib/graph/lexer.c \| 6 +++---
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	17	2 files changed, 4 insertions(+), 4 deletions(-)
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	18
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	19	diff --git a/cmd/tools/gmlscan.l b/cmd/tools/gmlscan.l
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	20	index ea8db0f..e83ca4f 100644
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	21	--- a/cmd/tools/gmlscan.l
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	22	+++ b/cmd/tools/gmlscan.l
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	23	@@ -127,7 +127,7 @@ void yyerror(char *str)
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	24	return;
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	25	errors = 1;
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	26	sprintf(buf," %s in line %d near '%s'\n", str,line_num,yytext);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	27	- agerr(AGWARN,buf);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	28	+ agerr(AGWARN, "%s", buf);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	29	}
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	30
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	31	int gmlerrors()
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	32	diff --git a/lib/graph/lexer.c b/lib/graph/lexer.c
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	33	index 05452c8..790563b 100644
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	34	--- a/lib/graph/lexer.c
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	35	+++ b/lib/graph/lexer.c
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	36	@@ -460,16 +460,16 @@ static void error_context(void)
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	37	if (buf < p) {
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	38	c = *p;
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	39	*p = '\0';
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	40	- agerr(AGPREV, buf);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	41	+ agerr(AGPREV, "%s", buf);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	42	*p = c;
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	43	}
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	44	agerr(AGPREV, " >>> ");
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	45	c = *LexPtr;
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	46	*LexPtr = '\0';
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	47	- agerr(AGPREV, p);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	48	+ agerr(AGPREV, "%s", p);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	49	*LexPtr = c;
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	50	agerr(AGPREV, " <<< ");
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	51	- agerr(AGPREV, LexPtr);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	52	+ agerr(AGPREV, "%s", LexPtr);
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	53	}
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	54
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	55	void agerror(char *msg)
f3ddf1d33382 21465165 problem in UTILITY/GRAPHVIZ Yiteng Zhang <yiteng.zhang@oracle.com> parents: diff changeset	56

author	Mike Sullivan <Mike.Sullivan@Oracle.COM>
	Tue, 11 Oct 2016 16:58:27 -0700
changeset 7091	08a4029cbd6c
parent 6544	f3ddf1d33382
permissions	-rw-r--r--