diff options
Diffstat (limited to 'meta/recipes-devtools/git/files/CVE-2022-41903-08.patch')
| -rw-r--r-- | meta/recipes-devtools/git/files/CVE-2022-41903-08.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch new file mode 100644 index 0000000000..3de6a5ba6a --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch @@ -0,0 +1,67 @@ +From 17d23e8a3812a5ca3dd6564e74d5250f22e5d76d Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt <ps@pks.im> +Date: Thu, 1 Dec 2022 15:47:00 +0100 +Subject: [PATCH 08/12] utf8: fix returning negative string width + +The `utf8_strnwidth()` function calls `utf8_width()` in a loop and adds +its returned width to the end result. `utf8_width()` can return `-1` +though in case it reads a control character, which means that the +computed string width is going to be wrong. In the worst case where +there are more control characters than non-control characters, we may +even return a negative string width. + +Fix this bug by treating control characters as having zero width. + +Signed-off-by: Patrick Steinhardt <ps@pks.im> +Signed-off-by: Junio C Hamano <gitster@pobox.com> + +Upstream-Status: Backport [https://github.com/git/git/commit/17d23e8a3812a5ca3dd6564e74d5250f22e5d76d] +CVE: CVE-2022-41903 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + t/t4205-log-pretty-formats.sh | 6 ++++++ + utf8.c | 8 ++++++-- + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh +index 23ac508..261a6f0 100755 +--- a/t/t4205-log-pretty-formats.sh ++++ b/t/t4205-log-pretty-formats.sh +@@ -820,6 +820,12 @@ test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping dire + test_cmp expect error + ' + ++test_expect_success 'log --pretty with padding and preceding control chars' ' ++ printf "\20\20 0" >expect && ++ git log -1 --pretty="format:%x10%x10%>|(4)%x30" >actual && ++ test_cmp expect actual ++' ++ + test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' + # We only assert that this command does not crash. This needs to be + # executed with the address sanitizer to demonstrate failure. +diff --git a/utf8.c b/utf8.c +index a66984b..6632bd2 100644 +--- a/utf8.c ++++ b/utf8.c +@@ -212,11 +212,15 @@ int utf8_strnwidth(const char *string, size_t len, int skip_ansi) + const char *orig = string; + + while (string && string < orig + len) { +- int skip; ++ int glyph_width, skip; ++ + while (skip_ansi && + (skip = display_mode_esc_sequence_len(string)) != 0) + string += skip; +- width += utf8_width(&string, NULL); ++ ++ glyph_width = utf8_width(&string, NULL); ++ if (glyph_width > 0) ++ width += glyph_width; + } + return string ? width : len; + } +-- +2.25.1 + |