From 360c374261ec3344a413b3d9c02cc8071e274e95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Mon, 28 Oct 2013 08:39:33 +0200 Subject: main/musl: include git commits up to 71d23b310383 multiple bug fixes, and sys/timeb.h with ftime() implemented increasing compatibility with old applications. --- .../0002-fix-buffer-overflow-in-mbsrtowcs.patch | 41 ---------------------- 1 file changed, 41 deletions(-) delete mode 100644 main/musl/0002-fix-buffer-overflow-in-mbsrtowcs.patch (limited to 'main/musl/0002-fix-buffer-overflow-in-mbsrtowcs.patch') diff --git a/main/musl/0002-fix-buffer-overflow-in-mbsrtowcs.patch b/main/musl/0002-fix-buffer-overflow-in-mbsrtowcs.patch deleted file mode 100644 index 8b68cc8777..0000000000 --- a/main/musl/0002-fix-buffer-overflow-in-mbsrtowcs.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 211264e46a2f1bc382a84435e904d1548de672b0 Mon Sep 17 00:00:00 2001 -From: Rich Felker -Date: Fri, 27 Sep 2013 13:09:46 -0400 -Subject: [PATCH] fix buffer overflow in mbsrtowcs - -issue reported by Michael Forney: - -"If wn becomes 0 after processing a chunk of 4, mbsrtowcs currently -continues on, wrapping wn around to -1, causing the rest of the string -to be processed. - -This resulted in buffer overruns if there was only space in ws for wn -wide characters." - -the original patch submitted added an additional check for !wn after -the loop; to avoid extra branching, I instead just changed the wn>=4 -check to wn>=5 to ensure that at least one slot remains after the -word-at-a-time loop runs. this should not slow down the tail -processing on real-world usage, since an extra slot that can't be -processed in the word-at-a-time loop is needed for the null -termination anyway. ---- - src/multibyte/mbsrtowcs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/multibyte/mbsrtowcs.c b/src/multibyte/mbsrtowcs.c -index b9bbc33..066cce6 100644 ---- a/src/multibyte/mbsrtowcs.c -+++ b/src/multibyte/mbsrtowcs.c -@@ -59,7 +59,7 @@ resume0: - return wn0; - } - if (*s-1u < 0x7f && (uintptr_t)s%4 == 0) { -- while (wn>=4 && !(( *(uint32_t*)s | *(uint32_t*)s-0x01010101) & 0x80808080)) { -+ while (wn>=5 && !(( *(uint32_t*)s | *(uint32_t*)s-0x01010101) & 0x80808080)) { - *ws++ = *s++; - *ws++ = *s++; - *ws++ = *s++; --- -1.8.4 - -- cgit v1.2.3