From d33b3cf6cff9fdbfc8362bf854c3c34b2c28d518 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 21 Apr 2023 00:01:06 +0100 Subject: gentoo auto-resync : 21:04:2023 - 00:01:05 --- ...cc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch | 65 ++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 sys-devel/distcc/files/distcc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch (limited to 'sys-devel/distcc/files') diff --git a/sys-devel/distcc/files/distcc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch b/sys-devel/distcc/files/distcc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch new file mode 100644 index 000000000000..14c08db329d1 --- /dev/null +++ b/sys-devel/distcc/files/distcc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch @@ -0,0 +1,65 @@ +https://bugs.gentoo.org/904720 +https://github.com/distcc/distcc/commit/879b71d6e95673e58d33f6c3c341a893ee307161 + +From 879b71d6e95673e58d33f6c3c341a893ee307161 Mon Sep 17 00:00:00 2001 +From: Alexey Sheplyakov +Date: Sat, 10 Jul 2021 22:18:14 +0400 +Subject: [PATCH] dcc_gcc_rewrite_fqn: avoid heap corruption + +On ALT Linux I've run into the following bug: + +distcc gcc -Wall -std=gnu89 -I. -O2 -o hello.o -c hello.c +free(): invalid next size (fast) +Aborted (core dumped) + +Apparently dcc_gcc_rewrite writes beyond the allocated memory: + +valgrind --leak-check=full -v ./distcc gcc -Wall -std=gnu89 -I. -O2 -o hello.o -c hello.c + +==11382== ERROR SUMMARY: 53 errors from 5 contexts (suppressed: 0 from 0) +==11382== +==11382== 1 errors in context 1 of 5: +==11382== Invalid write of size 1 +==11382== at 0x4C349D8: strcat (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) +==11382== by 0x10D165: dcc_gcc_rewrite_fqn (compile.c:611) +==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) +==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) +==11382== by 0x10E380: main (distcc.c:352) +==11382== Address 0x544e828 is 1 bytes after a block of size 23 alloc'd +==11382== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) +==11382== by 0x10D087: dcc_gcc_rewrite_fqn (compile.c:588) +==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) +==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) +==11382== by 0x10E380: main (distcc.c:352) +==11382== +==11382== +==11382== 1 errors in context 2 of 5: +==11382== Invalid write of size 1 +==11382== at 0x4C349C8: strcat (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) +==11382== by 0x10D165: dcc_gcc_rewrite_fqn (compile.c:611) +==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) +==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) +==11382== by 0x10E380: main (distcc.c:352) +==11382== Address 0x544e827 is 0 bytes after a block of size 23 alloc'd +==11382== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) +==11382== by 0x10D087: dcc_gcc_rewrite_fqn (compile.c:588) +==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) +==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) +==11382== by 0x10E380: main (distcc.c:352) + +and ALT Linux' hardened glibc does not quite like that. +Correctly compute the `newcmd_len` to avoid the problem. + +ALTBUG: #40425 +--- a/src/compile.c ++++ b/src/compile.c +@@ -584,7 +584,7 @@ static int dcc_gcc_rewrite_fqn(char **argv) + return -ENOENT; + + +- newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0] + 1); ++ newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0]) + 1; + newcmd = malloc(newcmd_len); + if (!newcmd) + return -ENOMEM; + -- cgit v1.2.3