packages/ncurses
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixes for out-of-memory condition

Browse Source
This commit is contained in:
yangl777 2023-07-04 09:03:38 +00:00
parent 4b2f80d4ad
commit 992a2d90ee
3 changed files with 254 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
backport-fix-coredump-when-use-Memmove.patch Normal file
View File

@ -0,0 +1,90 @@
From 8884a7e908ffc6e8a0b6bcbca5832fe3fc579343 Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Sun, 25 Jun 2023 18:16:49 +0000
Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230625
ncurses 6.4 - patch 20230625 - Thomas E. Dickey
------------------------------------------------------------------------------
Ncurses 6.4 is at
https://invisible-island.net/archives/ncurses/
https://invisible-mirror.net/archives/ncurses/
https://ftp.gnu.org/gnu/ncurses/
Patches for ncurses 6.4 can be found at
https://invisible-island.net/archives/ncurses/6.4
https://invisible-mirror.net/archives/ncurses/6.4
------------------------------------------------------------------------------
https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230625.patch.gz
patch by Thomas E. Dickey <dickey@invisible-island.net>
created Sun Jun 25 23:46:35 UTC 2023
Conflict:Delete unnecessary modifications
Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/8884a7e908ffc6e8a0b6bcbca5832fe3fc579343
---
NEWS | 5 ++++-
ncurses/tty/hashmap.c | 9 ++++++---
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index a57ff03..b49ff26 100644
--- a/NEWS
+++ b/NEWS
@@ -26,7 +26,7 @@
-- sale, use or other dealings in this Software without prior written --
-- authorization. --
-------------------------------------------------------------------------------
--- $Id: NEWS,v 1.3969 2023/06/24 22:59:35 tom Exp $
+-- $Id: NEWS,v 1.3971 2023/06/25 18:16:49 tom Exp $
-------------------------------------------------------------------------------
This is a log of changes that ncurses has gone through since Zeyd started
@@ -46,6 +46,9 @@ See the AUTHORS file for the corresponding full names.
Changes through 1.9.9e did not credit all contributions;
it is not possible to add this information.
+20230625
+ + fixes for out-of-memory condition (report by "eaglegai").
+
20230624
+ fixes for out-of-memory condition (report by "eaglegai").
diff --git a/ncurses/tty/hashmap.c b/ncurses/tty/hashmap.c
index 3f124c9..2ddfaaa 100644
--- a/ncurses/tty/hashmap.c
+++ b/ncurses/tty/hashmap.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright 2019,2020 Thomas E. Dickey *
+ * Copyright 2019-2020,2023 Thomas E. Dickey *
* Copyright 1998-2015,2016 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
@@ -74,7 +74,7 @@ AUTHOR
#define CUR SP_TERMTYPE
#endif
-MODULE_ID("$Id: hashmap.c,v 1.69 2020/05/31 17:50:48 tom Exp $")
+MODULE_ID("$Id: hashmap.c,v 1.70 2023/06/25 17:16:01 tom Exp $")
#ifdef HASHDEBUG
@@ -318,8 +318,11 @@ NCURSES_SP_NAME(_nc_hash_map) (NCURSES_SP_DCL0)
if (newhash(SP_PARM) == 0)
newhash(SP_PARM) = typeCalloc(unsigned long,
(size_t) screen_lines(SP_PARM));
- if (!oldhash(SP_PARM) || !newhash(SP_PARM))
+ if (!oldhash(SP_PARM) || !newhash(SP_PARM)) {
+ FreeAndNull(oldhash(SP_PARM));
+ FreeAndNull(newhash(SP_PARM));
return; /* malloc failure */
+ }
for (i = 0; i < screen_lines(SP_PARM); i++) {
newhash(SP_PARM)[i] = hash(SP_PARM, NEWTEXT(SP_PARM, i));
oldhash(SP_PARM)[i] = hash(SP_PARM, OLDTEXT(SP_PARM, i));
--
2.33.0

155
backport-fix-for-out-of-memory-condition.patch Normal file
View File

@ -0,0 +1,155 @@
From 6f1b898d6bac009e629f374d552d0869670b8e6a Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Sat, 24 Jun 2023 22:59:35 +0000
Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230624
ncurses 6.4 - patch 20230624 - Thomas E. Dickey
------------------------------------------------------------------------------
Ncurses 6.4 is at
https://invisible-island.net/archives/ncurses/
https://invisible-mirror.net/archives/ncurses/
https://ftp.gnu.org/gnu/ncurses/
Patches for ncurses 6.4 can be found at
https://invisible-island.net/archives/ncurses/6.4
https://invisible-mirror.net/archives/ncurses/6.4
------------------------------------------------------------------------------
https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230624.patch.gz
patch by Thomas E. Dickey <dickey@invisible-island.net>
created Sun Jun 25 00:38:02 UTC 2023
Conflict:Delete unnecessary modifications and adaptation of the modification time
Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/6f1b898d6bac009e629f374d552d0869670b8e6a
---
NEWS | 5 ++++-
ncurses/tinfo/lib_setup.c | 9 ++++-----
ncurses/tinfo/lib_tparm.c | 7 ++++++-
ncurses/tty/hardscroll.c | 12 +++++++++---
4 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/NEWS b/NEWS
index 57ef74c..a57ff03 100644
--- a/NEWS
+++ b/NEWS
@@ -26,7 +26,7 @@
-- sale, use or other dealings in this Software without prior written --
-- authorization. --
-------------------------------------------------------------------------------
--- $Id: NEWS,v 1.3895 2022/12/31 20:43:21 tom Exp $
+-- $Id: NEWS,v 1.3969 2023/06/24 22:59:35 tom Exp $
-------------------------------------------------------------------------------
This is a log of changes that ncurses has gone through since Zeyd started
@@ -46,6 +46,9 @@ See the AUTHORS file for the corresponding full names.
Changes through 1.9.9e did not credit all contributions;
it is not possible to add this information.
+20230624
+ + fixes for out-of-memory condition (report by "eaglegai").
+
20221231 6.4 release for upload to ftp.gnu.org
+ update release notes
+ regenerate llib-* files.
diff --git a/ncurses/tinfo/lib_setup.c b/ncurses/tinfo/lib_setup.c
index 0aaaa93..0ad5035 100644
--- a/ncurses/tinfo/lib_setup.c
+++ b/ncurses/tinfo/lib_setup.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright 2018-2021,2022 Thomas E. Dickey *
+ * Copyright 2018-2022,2023 Thomas E. Dickey *
* Copyright 1998-2016,2017 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
@@ -49,7 +49,7 @@
#include <locale.h>
#endif
-MODULE_ID("$Id: lib_setup.c,v 1.218 2022/08/13 18:12:22 tom Exp $")
+MODULE_ID("$Id: lib_setup.c,v 1.219 2023/06/24 13:25:14 tom Exp $")
/****************************************************************************
*
@@ -679,10 +679,9 @@ TINFO_SETUP_TERM(TERMINAL **tp,
#endif
}
myname = strdup(tname);
-
- if (strlen(myname) > MAX_NAME_SIZE) {
+ if (myname == NULL || strlen(myname) > MAX_NAME_SIZE) {
ret_error(TGETENT_ERR,
- "TERM environment must be <= %d characters.\n",
+ "TERM environment must be 1..%d characters.\n",
MAX_NAME_SIZE,
free(myname));
}
diff --git a/ncurses/tinfo/lib_tparm.c b/ncurses/tinfo/lib_tparm.c
index 72d8813..9d41b60 100644
--- a/ncurses/tinfo/lib_tparm.c
+++ b/ncurses/tinfo/lib_tparm.c
@@ -53,7 +53,7 @@
#include <ctype.h>
#include <tic.h>
-MODULE_ID("$Id: lib_tparm.c,v 1.137 2021/11/20 23:29:15 tom Exp $")
+MODULE_ID("$Id: lib_tparm.c,v 1.150 2023/06/24 16:12:52 tom Exp $")
/*
* char *
@@ -798,6 +798,11 @@ tparam_internal(TPARM_STATE *tps, const char *string, TPARM_DATA *data)
tparm_trace_call(tps, string, data);
+ if (TPS(fmt_buff) == NULL) {
+ T((T_RETURN("<null>")));
+ return NULL;
+ }
+
while ((cp - string) < (int) len2) {
if (*cp != '%') {
save_char(tps, UChar(*cp));
diff --git a/ncurses/tty/hardscroll.c b/ncurses/tty/hardscroll.c
index abb21cf..d66aa99 100644
--- a/ncurses/tty/hardscroll.c
+++ b/ncurses/tty/hardscroll.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright 2020 Thomas E. Dickey *
+ * Copyright 2020,2023 Thomas E. Dickey *
* Copyright 1998-2015,2016 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
@@ -148,7 +148,7 @@ AUTHOR
#include <curses.priv.h>
-MODULE_ID("$Id: hardscroll.c,v 1.54 2020/02/02 23:34:34 tom Exp $")
+MODULE_ID("$Id: hardscroll.c,v 1.56 2023/06/24 22:55:24 tom Exp $")
#if defined(SCROLLDEBUG) || defined(HASHDEBUG)
@@ -204,13 +204,19 @@ NCURSES_SP_NAME(_nc_scroll_optimize) (NCURSES_SP_DCL0)
int *new_oldnums = typeRealloc(int,
(size_t) need_lines,
oldnums(SP_PARM));
- if (!new_oldnums)
+ if (!new_oldnums) {
+ TR(TRACE_ICALLS, (T_RETURN("")));
return;
+ }
oldnums(SP_PARM) = new_oldnums;
OLDNUM_SIZE(SP_PARM) = need_lines;
}
/* calculate the indices */
NCURSES_SP_NAME(_nc_hash_map) (NCURSES_SP_ARG);
+ if (SP_PARM->hashtab_len < screen_lines(SP_PARM)) {
+ TR(TRACE_ICALLS, (T_RETURN("")));
+ return;
+ }
#endif
#endif /* !defined(SCROLLDEBUG) && !defined(HASHDEBUG) */
--
2.33.0

10
ncurses.spec
View File

@ -1,6 +1,6 @@
Name: ncurses
Version: 6.4
Release: 3
Release: 4
Summary: Terminal control library
License: MIT
URL: https://invisible-island.net/ncurses/ncurses.html
@ -12,6 +12,8 @@ Patch11: ncurses-urxvt.patch
Patch12: ncurses-kbs.patch
Patch13: backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
Patch14: backport-0002-CVE-2023-29491-env-access.patch
Patch15: backport-fix-for-out-of-memory-condition.patch
Patch16: backport-fix-coredump-when-use-Memmove.patch
BuildRequires: make gcc gcc-c++ gpm-devel pkgconfig
@ -246,6 +248,12 @@ xz NEWS
%{_mandir}/man7/*
%changelog
* Tue Jul 04 2023 yanglu <yanglu72@h-partners.com> - 6.4-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fixes for out-of-memory condition
* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.4-3
- Type:CVE
- CVE:CVE-2023-29491