blob: 5c13ce5e9d5633ce98f0aadda04337bbc01d88d2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
From 43928ee565b9c4f69daa1875da66f92b2d5bf932 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Tue, 11 Dec 2018 10:27:15 +0100
Subject: [PATCH] Fix: testsolv segfaults
Reply-To: muislam@microsoft.com
ERROR: AddressSanitizer: SEGV on unknown address 0x0000000002f0 (pc 0x7f31501d3bd2 bp 0x7ffcfe4d4a50 sp 0x7ffcfe4d4a30 T0)
0 0x7f31501d3bd1 in pool_whatprovides /home/company/real_sanitize/libsolv-master/src/pool.h:331
1 0x7f31501d895e in testcase_str2solvid /home/company/real_sanitize/libsolv-master/ext/testcase.c:793
2 0x7f31501e8388 in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2807
3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
4 0x7f314fa8da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5af9e7815f bp 0x7ffc4c843a40 sp 0x7ffc4c8436c0 T0)
0 0x7f5af9e7815e in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2799
1 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
2 0x7f5af971da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
3 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
Upstream-Status: Backport
Signed-off-by: Muminul Islam <muislam@microsoft.com>
Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
---
ext/testcase.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/testcase.c b/ext/testcase.c
index dd20de14..83467fe2 100644
--- a/ext/testcase.c
+++ b/ext/testcase.c
@@ -2772,7 +2772,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
{
int i = strlen(pieces[1]);
s = strchr(pieces[1], '(');
- if (!s && pieces[1][i - 1] != ')')
+ if (!s || pieces[1][i - 1] != ')')
{
pool_error(pool, 0, "testcase_read: bad namespace '%s'", pieces[1]);
}
--
2.23.0
|