From d9f56d2b769b4cfce39f195178c30a407de8cccb Mon Sep 17 00:00:00 2001
From: nijtmans <nijtmans>
Date: Tue, 25 Jan 2011 08:49:59 +0000
Subject: [Patch #3129527]: Fix buffer overflow w/ GCC 4.5 and
 -D_FORTIFY_SOURCE=2. Just the strcpy->memcpy part, to prevent anything like
 [Bug #3164879]

---
 ChangeLog            | 7 +++++++
 generic/tkSelect.c   | 6 +++---
 generic/tkTextDisp.c | 4 ++--
 unix/.cvsignore      | 8 ++++++++
 unix/tkUnixWm.c      | 4 ++--
 win/tkWinWm.c        | 4 ++--
 6 files changed, 24 insertions(+), 9 deletions(-)
 create mode 100644 unix/.cvsignore

diff --git a/ChangeLog b/ChangeLog
index 1872bfb..06aa8da 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2011-01-25  Jan Nijtmans  <nijtmans@users.sf.net>
+
+	* generic/tkSelect.c:     [Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and
+	* generic/tkTextDisp.c    -D_FORTIFY_SOURCE=2. Just the strcpy->memcpy part,
+	* unix/tkUnixWm.c         to prevent anything like [Bug #3164879]
+	* win/tkWinWm.c
+
 2011-01-13  Jan Nijtmans  <nijtmans@users.sf.net>
 
 	* library/msgbox.tcl: [Patch #3154705] Close button has no
diff --git a/generic/tkSelect.c b/generic/tkSelect.c
index 73e41d8..dccb49f 100644
--- a/generic/tkSelect.c
+++ b/generic/tkSelect.c
@@ -11,7 +11,7 @@
  * See the file "license.terms" for information on usage and redistribution
  * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tkSelect.c,v 1.13.2.1 2005/11/22 11:32:37 dkf Exp $
+ * RCS: @(#) $Id: tkSelect.c,v 1.13.2.2 2011/01/25 08:49:59 nijtmans Exp $
  */
 
 #include "tkInt.h"
@@ -917,7 +917,7 @@ Tk_SelectionObjCmd(clientData, interp, objc, objv)
 		cmdInfoPtr->byteOffset = 0;
 		cmdInfoPtr->buffer[0] = '\0';
 		cmdInfoPtr->cmdLength = cmdLength;
-		strcpy(cmdInfoPtr->command, string);
+		memcpy(cmdInfoPtr->command, string, cmdLength + 1);
 		Tk_CreateSelHandler(tkwin, selection, target, HandleTclCommand,
 			(ClientData) cmdInfoPtr, format);
 	    }
@@ -1016,7 +1016,7 @@ Tk_SelectionObjCmd(clientData, interp, objc, objv)
 	    lostPtr = (LostCommand *) ckalloc((unsigned) (sizeof(LostCommand)
 		    -3 + cmdLength));
 	    lostPtr->interp = interp;
-	    strcpy(lostPtr->command, script);
+	    memcpy(lostPtr->command, script, cmdLength + 1);
 	    Tk_OwnSelection(tkwin, selection, LostSelection,
 		    (ClientData) lostPtr);
 	    return TCL_OK;
diff --git a/generic/tkTextDisp.c b/generic/tkTextDisp.c
index 48897bd..e16bace 100644
--- a/generic/tkTextDisp.c
+++ b/generic/tkTextDisp.c
@@ -11,7 +11,7 @@
  * See the file "license.terms" for information on usage and redistribution
  * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tkTextDisp.c,v 1.14.2.5 2007/04/29 02:24:02 das Exp $
+ * RCS: @(#) $Id: tkTextDisp.c,v 1.14.2.6 2011/01/25 08:49:59 nijtmans Exp $
  */
 
 #include "tkPort.h"
@@ -4586,7 +4586,7 @@ TkTextCharLayoutProc(textPtr, indexPtr, segPtr, byteOffset, maxX, maxBytes,
 	    (sizeof(CharInfo) - 3 + bytesThatFit));
     chunkPtr->clientData = (ClientData) ciPtr;
     ciPtr->numBytes = bytesThatFit;
-    strncpy(ciPtr->chars, p, (size_t) bytesThatFit);
+    memcpy(ciPtr->chars, p, (size_t) bytesThatFit);
     if (p[bytesThatFit - 1] == '\n') {
 	ciPtr->numBytes--;
     }
diff --git a/unix/.cvsignore b/unix/.cvsignore
new file mode 100644
index 0000000..96bf441
--- /dev/null
+++ b/unix/.cvsignore
@@ -0,0 +1,8 @@
+*.so
+*.a
+Makefile
+tkConfig.sh
+tktest
+wish
+config.cache
+config.status
diff --git a/unix/tkUnixWm.c b/unix/tkUnixWm.c
index 234b23f..f23cba4 100644
--- a/unix/tkUnixWm.c
+++ b/unix/tkUnixWm.c
@@ -12,7 +12,7 @@
  * See the file "license.terms" for information on usage and redistribution
  * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tkUnixWm.c,v 1.36.2.8 2010/01/23 01:36:03 patthoyts Exp $
+ * RCS: @(#) $Id: tkUnixWm.c,v 1.36.2.9 2011/01/25 08:49:59 nijtmans Exp $
  */
 
 #include "tkPort.h"
@@ -2708,7 +2708,7 @@ WmProtocolCmd(tkwin, winPtr, interp, objc, objv)
 	protPtr->nextPtr = wmPtr->protPtr;
 	wmPtr->protPtr = protPtr;
 	protPtr->interp = interp;
-	strcpy(protPtr->command, cmd);
+	memcpy(protPtr->command, cmd, cmdLength + 1);
     }
     if (!(wmPtr->flags & WM_NEVER_MAPPED)) {
 	UpdateWmProtocols(wmPtr);
diff --git a/win/tkWinWm.c b/win/tkWinWm.c
index f4d1f8b..96447dc 100644
--- a/win/tkWinWm.c
+++ b/win/tkWinWm.c
@@ -12,7 +12,7 @@
  * See the file "license.terms" for information on usage and redistribution
  * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tkWinWm.c,v 1.54.2.30 2009/01/16 23:46:50 andreas_kupries Exp $
+ * RCS: @(#) $Id: tkWinWm.c,v 1.54.2.31 2011/01/25 08:49:59 nijtmans Exp $
  */
 
 #include "tkWinInt.h"
@@ -4565,7 +4565,7 @@ WmProtocolCmd(tkwin, winPtr, interp, objc, objv)
 	protPtr->nextPtr = wmPtr->protPtr;
 	wmPtr->protPtr = protPtr;
 	protPtr->interp = interp;
-	strcpy(protPtr->command, cmd);
+	memcpy(protPtr->command, cmd, cmdLength + 1);
     }
     return TCL_OK;
 }
-- 
cgit v0.12