rpm/rpm-5.4.10-trigtrans_avoid_alloca_as_stack_overflows.patch
2017-12-06 19:45:23 +10:00


diff -pNaur rpm-rosa.orig/lib/psm.c rpm-rosa/lib/psm.c
--- rpm-rosa.orig/lib/psm.c 2017-12-06 16:44:00.000000000 +1000
+++ rpm-rosa/lib/psm.c 2017-12-06 19:17:32.499534079 +1000
@@ -1904,7 +1904,8 @@ static rpmRC runScriptTriggersLoop(rpmps
rpmfi fi = NULL;
rpmds sourceDs = memset(alloca(sizeof(*sourceDs)), 0, sizeof(*sourceDs));
char * depName = NULL;
- char * evr;
+ char * evr = NULL;
+ char * evr_allocated = NULL;
char * ptr = NULL;
ARGI_t instances = NULL;
rpmmi mi;
@@ -1920,15 +1921,26 @@ static rpmRC runScriptTriggersLoop(rpmps
else
n = ts->orderCount;
- evr = memset(alloca(n * 64 * sizeof(*evr)), 0, n * 64 * sizeof(*evr));
- ptr = evr;
sourceDs->tagN = tagno;
sourceDs->Type = tagName(tagno);
sourceDs->Count = n;
sourceDs->i = -1;
- sourceDs->N = memset(alloca(n * sizeof(*sourceDs->N)), 0, n * sizeof(*sourceDs->N));
- sourceDs->EVR = memset(alloca(n * sizeof(*sourceDs->EVR)), 0, n * sizeof(*sourceDs->EVR));
- sourceDs->Flags = (evrFlags *) memset(alloca(n * sizeof(*sourceDs->Flags)), 0, n * sizeof(*sourceDs->Flags));
+
+ /* Avoid stack allocation as it overflows */
+ rc = RPMRC_FAIL;
+ ptr = evr = evr_allocated = calloc(n * 64, sizeof(*evr));
+ if (!evr_allocated)
+ goto exit_free;
+ sourceDs->N = calloc(n, sizeof(*sourceDs->N));
+ if (!sourceDs->N)
+ goto exit_free;
+ sourceDs->EVR = calloc(n, sizeof(*sourceDs->EVR));
+ if (!sourceDs->EVR)
+ goto exit_free;
+ sourceDs->Flags = calloc(n, sizeof(*sourceDs->Flags));
+ if (!sourceDs->Flags)
+ goto exit_free;
+ rc = RPMRC_OK;
pi = rpmtsiInit(ts);
while ((p = rpmtsiNext(pi, psm->goal == PSM_PKGINSTALL ? TR_ADDED : TR_REMOVED)) != NULL) {
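Review bot: The product `n * 64` in the first calloc is computed by the caller, so calloc's own overflow check never sees that multiplication. The declaration of `n` is outside the hunk, but if it is an `int`, a large element count overflows in signed arithmetic before the allocation is sized. Writing the call as `calloc(n, 64 * sizeof(*evr))` hands both factors to calloc and lets it reject an oversized request. A count of zero also behaves differently now: where calloc(0, …) returns NULL the function returns RPMRC_FAIL, whereas the alloca version carried on, so an explicit check of `n` before the allocations would make that case deterministic. The code that fills the 64-byte slots through `ptr` is outside this hunk, so it is worth confirming those writes stay bounded now that the buffer is on the heap.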
@@ -1957,7 +1969,7 @@ static rpmRC runScriptTriggersLoop(rpmps
pi = rpmtsiFree(pi);
if (sourceDs->i == -1)
- return rc;
+ goto exit_free;
/* Fire elements against rpmdb trigger strings. */
for(sourceDs->i = 0; sourceDs->i < (int)sourceDs->Count; sourceDs->i++) {
@@ -1968,7 +1980,7 @@ static rpmRC runScriptTriggersLoop(rpmps
if (!depName || !*depName)
- return rc;
+ goto exit_free;
if (_psm_debug)
rpmlog(RPMLOG_DEBUG, "--> %s:%d depName: %s tagno: %d ix: %d\n", __FUNCTION__, __LINE__, depName, tagno, sourceDs->i);
@@ -2014,6 +2026,12 @@ static rpmRC runScriptTriggersLoop(rpmps
instances = argiFree(instances);
+exit_free:
+ free(sourceDs->Flags);
+ free(sourceDs->EVR);
+ free(sourceDs->N);
+ free(evr_allocated);
+
return rc;
}
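Review bot: The `exit_free` label is placed after `instances = argiFree(instances);`, so the `goto exit_free` taken inside the trigger loop (the `!depName` check in the previous hunk) skips that release, just as the old `return rc` did. Most of the loop body is outside the visible hunks, so whether `instances` can be non-NULL at that point needs checking. If it can, moving the label one line up would cover it, provided argiFree accepts the NULL that `instances` still holds on the allocation-failure path. A comment on the label such as `/* single exit: frees the heap arrays that replaced alloca() */` would also help, because any `return` added later in this function would leak all four buffers.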