diff options
Diffstat (limited to 'meta/recipes-devtools/git/files/CVE-2022-41903-08.patch')
-rw-r--r-- | meta/recipes-devtools/git/files/CVE-2022-41903-08.patch | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch b/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch new file mode 100644 index 0000000000..3de6a5ba6a --- /dev/null +++ b/meta/recipes-devtools/git/files/CVE-2022-41903-08.patch | |||
@@ -0,0 +1,67 @@ | |||
1 | From 17d23e8a3812a5ca3dd6564e74d5250f22e5d76d Mon Sep 17 00:00:00 2001 | ||
2 | From: Patrick Steinhardt <ps@pks.im> | ||
3 | Date: Thu, 1 Dec 2022 15:47:00 +0100 | ||
4 | Subject: [PATCH 08/12] utf8: fix returning negative string width | ||
5 | |||
6 | The `utf8_strnwidth()` function calls `utf8_width()` in a loop and adds | ||
7 | its returned width to the end result. `utf8_width()` can return `-1` | ||
8 | though in case it reads a control character, which means that the | ||
9 | computed string width is going to be wrong. In the worst case where | ||
10 | there are more control characters than non-control characters, we may | ||
11 | even return a negative string width. | ||
12 | |||
13 | Fix this bug by treating control characters as having zero width. | ||
14 | |||
15 | Signed-off-by: Patrick Steinhardt <ps@pks.im> | ||
16 | Signed-off-by: Junio C Hamano <gitster@pobox.com> | ||
17 | |||
18 | Upstream-Status: Backport [https://github.com/git/git/commit/17d23e8a3812a5ca3dd6564e74d5250f22e5d76d] | ||
19 | CVE: CVE-2022-41903 | ||
20 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
21 | --- | ||
22 | t/t4205-log-pretty-formats.sh | 6 ++++++ | ||
23 | utf8.c | 8 ++++++-- | ||
24 | 2 files changed, 12 insertions(+), 2 deletions(-) | ||
25 | |||
26 | diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh | ||
27 | index 23ac508..261a6f0 100755 | ||
28 | --- a/t/t4205-log-pretty-formats.sh | ||
29 | +++ b/t/t4205-log-pretty-formats.sh | ||
30 | @@ -820,6 +820,12 @@ test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping dire | ||
31 | test_cmp expect error | ||
32 | ' | ||
33 | |||
34 | +test_expect_success 'log --pretty with padding and preceding control chars' ' | ||
35 | + printf "\20\20 0" >expect && | ||
36 | + git log -1 --pretty="format:%x10%x10%>|(4)%x30" >actual && | ||
37 | + test_cmp expect actual | ||
38 | +' | ||
39 | + | ||
40 | test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' | ||
41 | # We only assert that this command does not crash. This needs to be | ||
42 | # executed with the address sanitizer to demonstrate failure. | ||
43 | diff --git a/utf8.c b/utf8.c | ||
44 | index a66984b..6632bd2 100644 | ||
45 | --- a/utf8.c | ||
46 | +++ b/utf8.c | ||
47 | @@ -212,11 +212,15 @@ int utf8_strnwidth(const char *string, size_t len, int skip_ansi) | ||
48 | const char *orig = string; | ||
49 | |||
50 | while (string && string < orig + len) { | ||
51 | - int skip; | ||
52 | + int glyph_width, skip; | ||
53 | + | ||
54 | while (skip_ansi && | ||
55 | (skip = display_mode_esc_sequence_len(string)) != 0) | ||
56 | string += skip; | ||
57 | - width += utf8_width(&string, NULL); | ||
58 | + | ||
59 | + glyph_width = utf8_width(&string, NULL); | ||
60 | + if (glyph_width > 0) | ||
61 | + width += glyph_width; | ||
62 | } | ||
63 | return string ? width : len; | ||
64 | } | ||
65 | -- | ||
66 | 2.25.1 | ||
67 | |||