Merge pull request #274785 from risicle/ris-zbar-CVE-2023-40889-CVE-2023-40890-debian
zbar: use better patches for CVE-2023-40889 & CVE-2023-40890
b26142cc9a
3 changed files with 10 additions and 45 deletions
@ -1,17 +0,0 @@
Simple bounds checks for CVE-2023-40889, based on third-party
fix by Remi Meier @
https://github.com/Raemi/zbar/commit/5e8acc6974f17e56c3ddaa5509870beb8d7a599c
--- a/zbar/qrcode/qrdec.c
+++ b/zbar/qrcode/qrdec.c
@@ -3900,8 +3900,8 @@ void qr_reader_match_centers(qr_reader *_reader,qr_code_data_list *_qrlist,
/*TODO: We might be able to accelerate this step significantly by
considering the remaining finder centers in a more intelligent order,
based on the first finder center we just chose.*/
- for(j=i+1;!mark[i]&&j<_ncenters;j++){
- for(k=j+1;!mark[j]&&k<_ncenters;k++)if(!mark[k]){
+ for(j=i+1; i < _ncenters && !mark[i]&&j<_ncenters;j++){
+ for(k=j+1; j < _ncenters && !mark[j]&&k<_ncenters;k++)if(!mark[k]){
qr_finder_center *c[3];
qr_code_data qrdata;
int version;
@ -1,26 +0,0 @@
Simple bounds checks for CVE-2023-40890
|
--- a/zbar/decoder/databar.c
+++ b/zbar/decoder/databar.c
@@ -23,6 +23,8 @@
|
#include <config.h>
#include <zbar.h>
+#include <stdlib.h>
+#include <stdio.h>
|
#ifdef DEBUG_DATABAR
# define DEBUG_LEVEL (DEBUG_DATABAR)
@@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg,
fixed = -1;
s <<= 1;
dbprintf(2, "%x", s);
+
+ if (i > 20) {
+ fprintf(stderr, "Bug: Out-of-bounds condition detected\n");
+ exit(99);
+ }
+
seq[i++] = s++;
seq[i++] = s;
}
@ -44,8 +44,16 @@ stdenv.mkDerivation rec {
};
|
patches = [
./0.23.92-CVE-2023-40889.patch
./0.23.92-CVE-2023-40890.patch
(fetchpatch {
name = "CVE-2023-40889.patch";
url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0003-CVE-2023-40889-qrdec.c-Fix-array-out-of-bounds-acces.patch";
hash = "sha256-z0IADJwUt9PBoox5xJJN//5vrcRbIrWB9H7wtxNVUZU=";
})
(fetchpatch {
name = "CVE-2023-40890.patch";
url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0004-Add-bounds-check-for-CVE-2023-40890.patch";
hash = "sha256-YgiptwXpRpz0qIcXBpARfIzSB8KYmksZR58o5yFPahs=";
})
];
|
nativeBuildInputs = [
|
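Review bot: The two `fetchpatch` entries that replace the local patches in `patches = [` carry no comment saying what each Debian patch fixes or why Debian's versions were preferred over the dropped ones, so the next maintainer bumping zbar has to re-derive that from the URLs and the deleted files. I would annotate each entry, e.g. `# Debian's fix for CVE-2023-40889 (out-of-bounds array access in zbar/qrcode/qrdec.c, per the patch title)` above the first `(fetchpatch {` and `# Debian's bounds check for CVE-2023-40890 (presumably zbar/decoder/databar.c, as in the dropped local patch)` above the second, plus a line noting both can go once a zbar release ships upstream fixes. The `hash` attributes pin the normalized patch content, so a rewritten `debian/0.23.92-9` tag on salsa would fail the build rather than silently change what is applied; the hashes themselves cannot be checked from this page and should be confirmed against a fresh fetch.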