openeuler-ci-bot
Gitee
commit
4e4d758bf4
@ -1,131 +0,0 @@
|
||||
From 839085f8026afd6f6920a0c31ad2a9d880d97932 Mon Sep 17 00:00:00 2001
|
||||
From: Stephen C North <scnorth@gmail.com>
|
||||
Date: Tue, 9 Apr 2019 12:38:23 -0400
|
||||
Subject: [PATCH] attempted fix for null pointer deference on malformed input
|
||||
|
||||
---
|
||||
cmd/tools/graphml2gv.c | 36 +++++++++++++++++++++---------------
|
||||
lib/cgraph/grammar.y | 8 ++++++++
|
||||
lib/cgraph/obj.c | 2 ++
|
||||
3 files changed, 31 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/cmd/tools/graphml2gv.c b/cmd/tools/graphml2gv.c
|
||||
index f4798089e..b9fc9730c 100644
|
||||
--- a/cmd/tools/graphml2gv.c
|
||||
+++ b/cmd/tools/graphml2gv.c
|
||||
@@ -468,8 +468,10 @@ startElementHandler(void *userData, const char *name, const char **atts)
|
||||
if (pos > 0) {
|
||||
const char *attrname;
|
||||
attrname = atts[pos];
|
||||
-
|
||||
- bind_node(attrname);
|
||||
+ if (G == 0)
|
||||
+ fprintf(stderr,"node %s outside graph, ignored\n",attrname);
|
||||
+ else
|
||||
+ bind_node(attrname);
|
||||
|
||||
pushString(&ud->elements, attrname);
|
||||
}
|
||||
@@ -495,21 +497,25 @@ startElementHandler(void *userData, const char *name, const char **atts)
|
||||
if (tname)
|
||||
head = tname;
|
||||
|
||||
- bind_edge(tail, head);
|
||||
+ if (G == 0)
|
||||
+ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head);
|
||||
+ else {
|
||||
+ bind_edge(tail, head);
|
||||
|
||||
- t = AGTAIL(E);
|
||||
- tname = agnameof(t);
|
||||
+ t = AGTAIL(E);
|
||||
+ tname = agnameof(t);
|
||||
|
||||
- if (strcmp(tname, tail) == 0) {
|
||||
- ud->edgeinverted = FALSE;
|
||||
- } else if (strcmp(tname, head) == 0) {
|
||||
- ud->edgeinverted = TRUE;
|
||||
- }
|
||||
+ if (strcmp(tname, tail) == 0) {
|
||||
+ ud->edgeinverted = FALSE;
|
||||
+ } else if (strcmp(tname, head) == 0) {
|
||||
+ ud->edgeinverted = TRUE;
|
||||
+ }
|
||||
|
||||
- pos = get_xml_attr("id", atts);
|
||||
- if (pos > 0) {
|
||||
- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
|
||||
- }
|
||||
+ pos = get_xml_attr("id", atts);
|
||||
+ if (pos > 0) {
|
||||
+ setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
|
||||
+ }
|
||||
+ }
|
||||
} else {
|
||||
/* must be some extension */
|
||||
fprintf(stderr,
|
||||
@@ -530,7 +536,7 @@ static void endElementHandler(void *userData, const char *name)
|
||||
char *ele_name = topString(ud->elements);
|
||||
if (ud->closedElementType == TAG_GRAPH) {
|
||||
Agnode_t *node = agnode(root, ele_name, 0);
|
||||
- agdelete(root, node);
|
||||
+ if (node) agdelete(root, node);
|
||||
}
|
||||
popString(&ud->elements);
|
||||
Current_class = TAG_GRAPH;
|
||||
diff --git a/lib/cgraph/grammar.y b/lib/cgraph/grammar.y
|
||||
index 90aa27387..127a7241a 100644
|
||||
--- a/lib/cgraph/grammar.y
|
||||
+++ b/lib/cgraph/grammar.y
|
||||
@@ -22,6 +22,7 @@ extern void yyerror(char *); /* gets mapped to aagerror, see below */
|
||||
#endif
|
||||
|
||||
static char Key[] = "key";
|
||||
+static int SubgraphDepth = 0;
|
||||
|
||||
typedef union s { /* possible items in generic list */
|
||||
Agnode_t *n;
|
||||
@@ -542,6 +543,7 @@ static void startgraph(char *name, int directed, int strict)
|
||||
static Agdesc_t req; /* get rid of warnings */
|
||||
|
||||
if (G == NILgraph) {
|
||||
+ SubgraphDepth = 0;
|
||||
req.directed = directed;
|
||||
req.strict = strict;
|
||||
req.maingraph = TRUE;
|
||||
@@ -562,6 +564,11 @@ static void endgraph()
|
||||
|
||||
static void opensubg(char *name)
|
||||
{
|
||||
+ if (++SubgraphDepth >= YYMAXDEPTH/2) {
|
||||
+ char buf[128];
|
||||
+ sprintf(buf,"subgraphs nested more than %d deep",YYMAXDEPTH);
|
||||
+ agerr(AGERR,buf);
|
||||
+ }
|
||||
S = push(S,agsubg(S->g,name,TRUE));
|
||||
agstrfree(G,name);
|
||||
}
|
||||
@@ -569,6 +576,7 @@ static void opensubg(char *name)
|
||||
static void closesubg()
|
||||
{
|
||||
Agraph_t *subg = S->g;
|
||||
+ --SubgraphDepth;
|
||||
S = pop(S);
|
||||
S->subg = subg;
|
||||
assert(subg);
|
||||
diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c
|
||||
index 7b1c8c101..709774e3d 100644
|
||||
--- a/lib/cgraph/obj.c
|
||||
+++ b/lib/cgraph/obj.c
|
||||
@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack)
|
||||
|
||||
Agraph_t *agroot(void* obj)
|
||||
{
|
||||
+ // fixes CVE-2019-11023 by moving the problem to the caller :-)
|
||||
+ if (obj == 0) return NILgraph;
|
||||
switch (AGTYPE(obj)) {
|
||||
case AGINEDGE:
|
||||
case AGOUTEDGE:
|
||||
--
|
||||
2.21.0
|
||||
|
||||
@ -1,32 +0,0 @@
|
||||
/lib/sfio/features/sfio b/lib/sfio/features/sfio
|
||||
--- a/lib/sfio/features/sfio 2018-01-01 00:00:00.000000000 +0000
|
||||
+++ b/lib/sfio/features/sfio 2018-01-01 00:00:00.000000000 +0000
|
||||
@@ -89,7 +89,7 @@ lib memchr note{ see if memchr is fast }
|
||||
t2 = (etm2.tms_utime - stm2.tms_utime) +
|
||||
(etm2.tms_stime - stm2.tms_stime);
|
||||
|
||||
- return t1 < t2 ? 0 : 1;
|
||||
+ return 1;
|
||||
}
|
||||
}end
|
||||
|
||||
@@ -130,7 +130,7 @@ lib memccpy note{ see if memccpy is fast
|
||||
t2 = (etm2.tms_utime - stm2.tms_utime) +
|
||||
(etm2.tms_stime - stm2.tms_stime);
|
||||
|
||||
- return t1 < t2 ? 0 : 1;
|
||||
+ return 1;
|
||||
}
|
||||
}end
|
||||
|
||||
@@ -260,10 +260,6 @@ tst output{
|
||||
|
||||
unlink(file);
|
||||
|
||||
- if(4*mmtm <= 3*rdtm) /* mmap is great! */
|
||||
- printf("#define _mmap_worthy 2 \n");
|
||||
- else if(4*mmtm <= 5*rdtm) /* mmap is good */
|
||||
- printf("#define _mmap_worthy 1 \n");
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -1,16 +0,0 @@
|
||||
diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c
|
||||
--- a/lib/dotgen/conc.c
|
||||
+++ b/lib/dotgen/conc.c
|
||||
@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g)
|
||||
|
||||
for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
|
||||
lead = GD_rankleader(g)[r];
|
||||
- if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
|
||||
+ if (lead == NULL) {
|
||||
+ agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r);
|
||||
+ longjmp(jbuf, 1);
|
||||
+ }
|
||||
+ else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
|
||||
agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n",
|
||||
agnameof(lead), ND_order(lead), r);
|
||||
longjmp(jbuf, 1);
|
||||
@ -1,22 +0,0 @@
|
||||
diff --git a/cmd/dotty/dotty_ui.lefty b/cmd/dotty/dotty_ui.lefty
|
||||
index a8c9116..a708c61 100644
|
||||
--- a/cmd/dotty/dotty_ui.lefty
|
||||
+++ b/cmd/dotty/dotty_ui.lefty
|
||||
@@ -342,7 +342,7 @@ dotty.protovt.normal.uifuncs = [
|
||||
else
|
||||
gt.insertedge (gt, data.pobj, null, data.obj, null, null, 1);
|
||||
};
|
||||
- 'rightdown' = function (data) {
|
||||
+ 'rightup' = function (data) {
|
||||
local vt, gt, menu, i;
|
||||
|
||||
vt = dotty.views[data.widget];
|
||||
@@ -447,7 +447,7 @@ dotty.protovt.birdseye.uifuncs = [
|
||||
'middledown' = dotty.protovt.normal.uifuncs.middledown;
|
||||
'middlemove' = dotty.protovt.normal.uifuncs.middlemove;
|
||||
'middleup' = dotty.protovt.normal.uifuncs.middleup;
|
||||
- 'rightdown' = dotty.protovt.normal.uifuncs.rightdown;
|
||||
+ 'rightup' = dotty.protovt.normal.uifuncs.rightup;
|
||||
'keyup' = dotty.protovt.normal.uifuncs.keyup;
|
||||
'redraw' = dotty.protovt.normal.uifuncs.redraw;
|
||||
'closeview' = dotty.protovt.normal.uifuncs.closeview;
|
||||
@ -1,56 +0,0 @@
|
||||
diff --git a/config/config_python.py b/config/config_python.py
|
||||
index b747045..2b1ac8d 100644
|
||||
--- a/config/config_python.py
|
||||
+++ b/config/config_python.py
|
||||
@@ -1,12 +1,13 @@
|
||||
+from __future__ import print_function
|
||||
+
|
||||
import sys
|
||||
from distutils import sysconfig
|
||||
|
||||
if sys.argv[1] == "archlib":
|
||||
- print sysconfig.get_python_lib(1,1)
|
||||
+ print(sysconfig.get_python_lib(1,1))
|
||||
elif sys.argv[1] == "lib":
|
||||
- print sysconfig.get_python_lib(0,1)
|
||||
+ print(sysconfig.get_python_lib(0,1))
|
||||
elif sys.argv[1] == "archsitelib":
|
||||
- print sysconfig.get_python_lib(1,0)
|
||||
+ print(sysconfig.get_python_lib(1,0))
|
||||
elif sys.argv[1] == "sitelib":
|
||||
- print sysconfig.get_python_lib(0,0)
|
||||
-
|
||||
+ print(sysconfig.get_python_lib(0,0))
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 51166c3..0f18965 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1142,7 +1142,7 @@ else
|
||||
if test `$SWIG -help 2>&1 | $EGREP -c '\-python *- Generate'` = 0; then
|
||||
use_python="No (swig does not support -python option)"
|
||||
else
|
||||
- AC_CHECK_PROG(PYTHON,python,python)
|
||||
+ AC_CHECK_PROGS(PYTHON,[python3 python])
|
||||
if test "x$PYTHON" = "x"; then
|
||||
use_python="No (python not available)"
|
||||
else
|
||||
@@ -1167,8 +1167,8 @@ else
|
||||
if test "x$PYTHON" = "x"; then
|
||||
use_python="No (python is too old)"
|
||||
else
|
||||
- PYTHON_PREFIX=`$PYTHON -c "import sys; print sys.prefix"`
|
||||
- PYTHON_INCLUDES=-I$PYTHON_PREFIX/include/python$PYTHON_VERSION_SHORT
|
||||
+ PYTHON_PREFIX=`$PYTHON -c "import sys; print(sys.prefix)"`
|
||||
+ PYTHON_INCLUDES=`$PYTHON-config --includes`
|
||||
# PYTHON_LIBS="-lpython$PYTHON_VERSION_SHORT"
|
||||
PYTHON_LIBS="-undefined dynamic_lookup"
|
||||
PYTHON_INSTALL_DIR="`$PYTHON $srcdir/config/config_python.py archsitelib`"
|
||||
@@ -1548,7 +1548,7 @@ else
|
||||
if test "x$PYTHON34" = "x"; then
|
||||
use_python34="No (python34 is too old)"
|
||||
else
|
||||
- PYTHON34_PREFIX=`$PYTHON3 -c "import sys; print sys.prefix"`
|
||||
+ PYTHON34_PREFIX=`$PYTHON3 -c "import sys; print(sys.prefix)"`
|
||||
# PYTHON34_INCLUDES=-I$PYTHON34_PREFIX/include/python$PYTHON34_VERSION_SHORT
|
||||
# FIXME - whats the stupid "m" for?
|
||||
PYTHON34_INCLUDES=-I/usr/include/python3.4m
|
||||
@ -1,25 +0,0 @@
|
||||
diff --git a/plugin/visio/VisioGraphic.cpp b/plugin/visio/VisioGraphic.cpp
|
||||
index 303eac0..14e377c 100644
|
||||
--- a/plugin/visio/VisioGraphic.cpp
|
||||
+++ b/plugin/visio/VisioGraphic.cpp
|
||||
@@ -29,6 +29,8 @@
|
||||
#define isfinite(x) finite(x)
|
||||
#endif
|
||||
|
||||
+#include <cstdlib>
|
||||
+
|
||||
#include "VisioGraphic.h"
|
||||
|
||||
#include "gvcjob.h"
|
||||
diff --git a/plugin/visio/VisioText.cpp b/plugin/visio/VisioText.cpp
|
||||
index 635806c..3c6441a 100644
|
||||
--- a/plugin/visio/VisioText.cpp
|
||||
+++ b/plugin/visio/VisioText.cpp
|
||||
@@ -17,6 +17,7 @@
|
||||
|
||||
#include "gvcjob.h"
|
||||
#include "gvio.h"
|
||||
+#include <cstdlib>
|
||||
#include <string.h>
|
||||
|
||||
extern "C" char *xml_string(char* str);
|
||||
Binary file not shown.
@ -15,22 +15,12 @@
|
||||
|
||||
|
||||
Name: graphviz
|
||||
Version: 2.40.1
|
||||
Release: 39
|
||||
Version: 2.44.1
|
||||
Release: 1
|
||||
Summary: Graph Visualization Tools
|
||||
License: EPL
|
||||
URL: http://www.graphviz.org/
|
||||
Source0: https://gitlab.com/graphviz/graphviz/-/archive/stable_release_%{version}/graphviz.tar.gz
|
||||
|
||||
Patch0: graphviz-2.40.1-visio.patch
|
||||
|
||||
Patch1: graphviz-2.40.1-python3.patch
|
||||
|
||||
Patch2: graphviz-2.40.1-CVE-2018-10196.patch
|
||||
Patch3: graphviz-2.40.1-dotty-menu-fix.patch
|
||||
|
||||
Patch6000: CVE-2019-11023.patch
|
||||
Patch9000: elimination-define-difference.patch
|
||||
Source0: https://gitlab.com/graphviz/graphviz/-/archive/%{version}/graphviz-%{version}.tar.gz
|
||||
|
||||
BuildRequires: ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf ocaml urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33
|
||||
BuildRequires: zlib-devel libpng-devel libjpeg-devel expat-devel tk-devel fontconfig-devel libtool-ltdl-devel ruby-devel guile-devel freetype-devel >= 2 tcl-devel >= 8.3
|
||||
@ -283,7 +273,6 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/
|
||||
%defattr(644,root,root)
|
||||
%doc %{_datadir}/%{name}/doc
|
||||
%doc %{_datadir}/%{name}/demo
|
||||
%doc %{_datadir}/%{name}/doc/pdf
|
||||
%{_mandir}/man1/*
|
||||
%{_mandir}/man3/*
|
||||
%{_mandir}/man7/*
|
||||
@ -305,10 +294,12 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/
|
||||
%if %{with python2}
|
||||
%files python2
|
||||
%{python2_sitearch}/*
|
||||
%{_libdir}/graphviz/python2/*
|
||||
%endif
|
||||
|
||||
%files python3
|
||||
%{python3_sitearch}/*
|
||||
%{_libdir}/graphviz/python3/*
|
||||
|
||||
%files ruby
|
||||
%{_libdir}/graphviz/ruby/
|
||||
@ -321,6 +312,9 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jul 24 2020 hanhui <hanhui15@huawei.com> - 2.44.1-1
|
||||
- update to 2.44.1
|
||||
|
||||
* Tue Jun 23 2020 xinghe <xinghe1@huawei.com> - 2.40.1-39
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
@ -334,4 +328,4 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/
|
||||
- DESC:optimization the spec
|
||||
|
||||
* Thu Sep 19 2019 hufeng <solar.hu@huawei.com> - 2.40.1-37
|
||||
-Create spec
|
||||
-Create spec
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user