rpms / xscreensaver

Clone
Source Code
GIT

Files

5.45-prep cppcheck el6 epel7 epel8 epel9 experimental f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fc6 fix-compile main rawhide update-ja-po
  1.   f22
  2.   xscreensaver-5.35-0003-hydrostat-fix-type-definition-in-cmp_squid.patch
Blob Blame History Raw 
From 055bb4a3fb2d9556e766c522ba0ef27f9042c275 Mon Sep 17 00:00:00 2001
From: XScreenSaver owners <mtasaka@fedoraproject.org>
Date: Tue, 7 Jun 2016 01:09:06 +0900
Subject: [PATCH] hydrostat: fix type definition in cmp_squid

gcc611 -fsanitize=address makes hydrostat abort as:

==28422==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000024538 at pc 0x55d4ef77ad94 bp 0x7ffda313fcc0 sp 0x7ffda313fcb0
READ of size 8 at 0x603000024538 thread T0
    #0 0x55d4ef77ad93 in cmp_squid ../../../hacks/glx/hydrostat.c:513
    #1 0x7f5449dd544d in msort_with_tmp.part.0 (/lib64/libc.so.6+0x3844d)
    #2 0x7f5449dd5116 in msort_with_tmp.part.0 (/lib64/libc.so.6+0x38116)
    #3 0x7f5449dd589e in qsort_r (/lib64/libc.so.6+0x3889e)
    #4 0x55d4ef781517 in draw_hydrostat ../../../hacks/glx/hydrostat.c:743
    #5 0x55d4ef78876a in xlockmore_draw ../../../hacks/glx/../xlockmore.c:499
    #6 0x55d4ef778be7 in run_screenhack_table ../../hacks/screenhack.c:573
    #7 0x55d4ef778be7 in main ../../hacks/screenhack.c:965
    #8 0x7f5449dbd730 in __libc_start_main (/lib64/libc.so.6+0x20730)
    #9 0x55d4ef77ab08 in _start (/home/tasaka1/rpmbuild/fedora-specific/xscreensaver/master/xscreensaver-5.35/x86_64-unknown-linux-gnu/hacks/glx/hydrostat+0x52b08)

0x603000024538 is located 0 bytes to the right of 24-byte region [0x603000024520,0x603000024538)
allocated by thread T0 here:
    #0 0x7f544d901f40 in calloc (/lib64/libasan.so.3+0xc6f40)
    #1 0x55d4ef781a88 in init_hydrostat ../../../hacks/glx/hydrostat.c:699

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../hacks/glx/hydrostat.c:513 in cmp_squid

As man qsort(3p) says, the int (*compar)(const void *, const void *)) argument
is a pointer to the comparison function, so in cmp_squid,
the argument const void *aa must be casted into squid * const *,
not const squid * .
---
 hacks/glx/hydrostat.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hacks/glx/hydrostat.c b/hacks/glx/hydrostat.c
index ea3de9d..85aea63 100644
--- a/hacks/glx/hydrostat.c
+++ b/hacks/glx/hydrostat.c
@@ -508,10 +508,10 @@ make_squid (ModeInfo *mi, int which)
 static int
 cmp_squid (const void *aa, const void *bb)
 {
-  const squid *a = (squid *) aa;
-  const squid *b = (squid *) bb;
-  return ((int) (b->pos.y * 10000) -
-          (int) (a->pos.y * 10000));
+  squid * const *a = aa;
+  squid * const *b = bb;
+  return ((int) ((*b)->pos.y * 10000) -
+          (int) ((*a)->pos.y * 10000));
 }
 
 
-- 
2.7.4
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.