Diffstat (limited to 'meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch')
-rw-r--r-- | meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch | 43 |
1 files changed, 43 insertions, 0 deletions
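--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/rpm-hardlink-segfault-fix.patch
@@ -0,0 +1,43 @@
+We need to sanity check that the nlink size and our linksLeft counter
+do match. If an rpm is badly constructed with identical inode values
+for multiple hardlinked files, such an rpm will otherwise access memory
+out of array bounds and cause memory corruption and crashes.
+
+The fix is to add in the sanity check and exit if bad circumstances
+are found. We need to fix the caller to check the return code too.
+
+RP 2014/6/10
+
+Upstream-Status: Pending
+
+Index: rpm-5.4.9/lib/fsm.c
+===================================================================
+--- rpm-5.4.9.orig/lib/fsm.c 2014-06-10 10:54:08.601049402 +0000
++++ rpm-5.4.9/lib/fsm.c 2014-06-10 10:55:45.633046077 +0000
+@@ -495,6 +495,11 @@
+}
+
+if (fsm->goal == IOSM_PKGBUILD) --fsm->li->linksLeft;
++ if (fsm->li->linksLeft > st->st_nlink) {
++ rpmlog(RPMLOG_ERR, _("Corrupted hardlinks found (count %d does not match %d), exiting.\n"), fsm->li->linksLeft, st->st_nlink);
++ return -1;
++ }
++
+fsm->li->filex[fsm->li->linksLeft] = fsm->ix;
+/*@-observertrans -dependenttrans@*/
+fsm->li->nsuffix[fsm->li->linksLeft] = fsm->nsuffix;
+@@ -1876,8 +1881,13 @@
+fsm->postpone = iosmFileActionSkipped(fsm->action);
+if (fsm->goal == IOSM_PKGINSTALL || fsm->goal == IOSM_PKGBUILD) {
+/*@-evalorder@*/ /* FIX: saveHardLink can modify fsm */
+- if (S_ISREG(st->st_mode) && st->st_nlink > 1)
++ if (S_ISREG(st->st_mode) && st->st_nlink > 1) {
+fsm->postpone = saveHardLink(fsm);
++ if (fsm->postpone < 0) {
++ rc = RPMRC_FAIL;
++ break;
++ }
++ }
+/*@=evalorder@*/
+}
+if (fsmGetFi(fsm)->mapflags & IOSM_PAYLOAD_LIST) fsm->postpone = 1;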
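Review bot: The guard added in the first fsm.c hunk compares with `>`, so `linksLeft == st->st_nlink` still reaches the `filex[...]` and `nsuffix[...]` stores directly below it. If those arrays hold `nlink` entries (their allocation is outside the hunk, so confirm this), the equal case writes one element past the end, and the test should be `if (fsm->li->linksLeft >= st->st_nlink) {`. It is also worth confirming that the arrays were sized from this header's `st_nlink` and not from a count recorded when the link set was first seen, since the bound has to be whatever the allocation used. The `rpmlog` call passes `st->st_nlink` to `%d`; `nlink_t` is not `int` on every target, so cast it and match the specifier, e.g. `%lu` with `(unsigned long) st->st_nlink`. The enclosing function (presumably `saveHardLink`, going by the second hunk) begins and ends outside the hunk.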