From 15ee132b447d7e1abb82799c96c86c4feb9e6eb7 Mon Sep 17 00:00:00 2001
From: nijtmans
Date: Mon, 6 Dec 2010 10:30:49 +0000
Subject: [Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and -D_FORTIFY_SOURCE=2
---
 ChangeLog | 7 +++++++
 generic/tkSelect.c | 8 ++++----
 generic/tkTextDisp.c | 8 ++++----
 unix/tkUnixWm.c | 8 ++++----
 win/tkWinWm.c | 8 ++++----
 5 files changed, 23 insertions(+), 16 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d28e943..24c8794 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-12-06 Jan Nijtmans
+
+ * generic/tkSelect.c: [Bug 3129527]: Fix buffer overflow w/ GCC 4.5 and
+ * generic/tkTextDisp.c -D_FORTIFY_SOURCE=2
+ * unix/tkUnixWm.c
+ * win/tkWinWm.c
+
 2010-12-05 Jan Nijtmans
 * unix/tcl.m4: [Patch #3116490] cross-compile support for unix
diff --git a/generic/tkSelect.c b/generic/tkSelect.c
index beebe12..6077754 100644
--- a/generic/tkSelect.c
+++ b/generic/tkSelect.c
@@ -10,7 +10,7 @@
 * See the file "license.terms" for information on usage and redistribution of
 * this file, and for a DISCLAIMER OF ALL WARRANTIES.
 *
- * RCS: @(#) $Id: tkSelect.c,v 1.32 2010/11/29 09:07:13 nijtmans Exp $
+ * RCS: @(#) $Id: tkSelect.c,v 1.33 2010/12/06 10:30:49 nijtmans Exp $
 */
 #include "tkInt.h"
@@ -30,7 +30,7 @@ typedef struct {
 * chunk. */
 char buffer[TCL_UTF_MAX]; /* A buffer to hold part of a UTF character
 * that is split across chunks. */
- char command[4]; /* Command to invoke. Actual space is
+ char command[1]; /* Command to invoke. Actual space is
 * allocated as large as necessary. This must
 * be the last entry in the structure. */
 } CommandInfo;
@@ -902,13 +902,13 @@ Tk_SelectionObjCmd(
 Tk_DeleteSelHandler(tkwin, selection, target);
 } else {
 cmdInfoPtr = (CommandInfo *) ckalloc((unsigned) (
- sizeof(CommandInfo) - 3 + cmdLength));
+ (Tk_Offset(CommandInfo, command) + 1) + cmdLength));
 cmdInfoPtr->interp = interp;
 cmdInfoPtr->charOffset = 0;
 cmdInfoPtr->byteOffset = 0;
 cmdInfoPtr->buffer[0] = '\0';
 cmdInfoPtr->cmdLength = cmdLength;
- strcpy(cmdInfoPtr->command, string);
+ memcpy(cmdInfoPtr->command, string, cmdLength + 1);
 Tk_CreateSelHandler(tkwin, selection, target, HandleTclCommand,
 cmdInfoPtr, format);
 }
diff --git a/generic/tkTextDisp.c b/generic/tkTextDisp.c
index 9dc4316..849123f 100644
--- a/generic/tkTextDisp.c
+++ b/generic/tkTextDisp.c
@@ -12,7 +12,7 @@
 * See the file "license.terms" for information on usage and redistribution of
 * this file, and for a DISCLAIMER OF ALL WARRANTIES.
 *
- * RCS: @(#) $Id: tkTextDisp.c,v 1.77 2010/01/07 15:32:18 dkf Exp $
+ * RCS: @(#) $Id: tkTextDisp.c,v 1.78 2010/12/06 10:30:49 nijtmans Exp $
 */
 #include "tkInt.h"
@@ -415,8 +415,8 @@ typedef struct TextDInfo {
 typedef struct CharInfo {
 int numBytes; /* Number of bytes to display. */
- char chars[4]; /* UTF characters to display. Actual size will
- * be numBytes, not 4. THIS MUST BE THE LAST
+ char chars[1]; /* UTF characters to display. Actual size will
+ * be numBytes, not 1. THIS MUST BE THE LAST
 * FIELD IN THE STRUCTURE. */
 } CharInfo;
@@ -7170,7 +7170,7 @@ TkTextCharLayoutProc(
 #if !TK_LAYOUT_WITH_BASE_CHUNKS
 ciPtr = (CharInfo *)
- ckalloc((unsigned) bytesThatFit + Tk_Offset(CharInfo, chars) + 1);
+ ckalloc((unsigned) ((Tk_Offset(CharInfo, chars) + 1) + bytesThatFit));
 chunkPtr->clientData = ciPtr;
 memcpy(ciPtr->chars, p, (unsigned) bytesThatFit);
 #endif /* TK_LAYOUT_WITH_BASE_CHUNKS */
diff --git a/unix/tkUnixWm.c b/unix/tkUnixWm.c
index c45d5d5..61b94a7 100644
--- a/unix/tkUnixWm.c
+++ b/unix/tkUnixWm.c
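Review bot: The `memcpy(cmdInfoPtr->command, string, cmdLength + 1)` line in the Tk_SelectionObjCmd hunk of generic/tkSelect.c carries no comment saying why it replaced `strcpy`, so a later cleanup could revert it and bring back the failure named in the subject line. Under -D_FORTIFY_SOURCE=2 the checked `strcpy` is bounded by the declared size of the `command` member, while the block is deliberately allocated larger; a comment such as `/* memcpy, not strcpy: command[] is over-allocated past its declared size, which a fortified strcpy rejects */` would record that. The copy is correct only if `cmdLength` is the byte length of `string` with the terminating NUL at `string[cmdLength]`; both are set outside the hunk, so confirm that where they are obtained. The same applies to the `memcpy(protPtr->command, cmd, cmdLength + 1)` lines in the WmProtocolCmd hunks of unix/tkUnixWm.c and win/tkWinWm.c.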
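Review bot: In the TkTextCharLayoutProc hunk of generic/tkTextDisp.c the allocation reserves `bytesThatFit + 1` bytes for `chars`, but the visible `memcpy` writes only `bytesThatFit`, so the final byte is uninitialized in the lines shown. If any consumer reads `chars` as a NUL-terminated string, add `ciPtr->chars[bytesThatFit] = '\0';` after the copy. If it is always read by `numBytes`, say so in the CharInfo comment, which still states "Actual size will be numBytes" while one byte more is allocated. The function continues outside the hunk, so the terminator may already be written there.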
@@ -12,7 +12,7 @@
 * See the file "license.terms" for information on usage and redistribution of
 * this file, and for a DISCLAIMER OF ALL WARRANTIES.
 *
- * RCS: @(#) $Id: tkUnixWm.c,v 1.83 2010/06/15 11:16:02 nijtmans Exp $
+ * RCS: @(#) $Id: tkUnixWm.c,v 1.84 2010/12/06 10:30:50 nijtmans Exp $
 */
 #include "tkUnixInt.h"
@@ -30,7 +30,7 @@ typedef struct ProtocolHandler {
 * same top-level window, or NULL for end of
 * list. */
 Tcl_Interp *interp; /* Interpreter in which to invoke command. */
- char command[4]; /* Tcl command to invoke when a client message
+ char command[1]; /* Tcl command to invoke when a client message
 * for this protocol arrives. The actual size
 * of the structure varies to accommodate the
 * needs of the actual command. THIS MUST BE
@@ -38,7 +38,7 @@ typedef struct ProtocolHandler {
 } ProtocolHandler;
 #define HANDLER_SIZE(cmdLength) \
- ((unsigned) (sizeof(ProtocolHandler) - 3 + cmdLength))
+ ((unsigned) ((Tk_Offset(ProtocolHandler, command) + 1) + cmdLength))
 /*
 * Data for [wm attributes] command:
@@ -3028,7 +3028,7 @@ WmProtocolCmd(
 protPtr->nextPtr = wmPtr->protPtr;
 wmPtr->protPtr = protPtr;
 protPtr->interp = interp;
- strcpy(protPtr->command, cmd);
+ memcpy(protPtr->command, cmd, cmdLength + 1);
 }
 if (!(wmPtr->flags & WM_NEVER_MAPPED)) {
 UpdateWmProtocols(wmPtr);
diff --git a/win/tkWinWm.c b/win/tkWinWm.c
index 9428444..94c8bb8 100644
--- a/win/tkWinWm.c
+++ b/win/tkWinWm.c
@@ -12,7 +12,7 @@
 * See the file "license.terms" for information on usage and redistribution of
 * this file, and for a DISCLAIMER OF ALL WARRANTIES.
 *
- * RCS: @(#) $Id: tkWinWm.c,v 1.146 2010/11/29 11:25:09 nijtmans Exp $
+ * RCS: @(#) $Id: tkWinWm.c,v 1.147 2010/12/06 10:30:50 nijtmans Exp $
 */
 #include "tkWinInt.h"
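Review bot: The rewritten `HANDLER_SIZE` macro in unix/tkUnixWm.c still uses its argument unparenthesized (`... + 1) + cmdLength))`), so an argument expression that binds more loosely than `+` would produce a wrong allocation size. Write it as `((unsigned) (Tk_Offset(ProtocolHandler, command) + 1 + (cmdLength)))`. The identical macro in win/tkWinWm.c needs the same change. The diffstat lists only the unix and win copies of `ProtocolHandler`; if another platform port carries the same `command[4]` / `sizeof(ProtocolHandler) - 3` pattern, it also needs this commit's fix, or the fortified-`strcpy` failure remains there.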
@@ -60,7 +60,7 @@ typedef struct ProtocolHandler {
 * same top-level window, or NULL for end of
 * list. */
 Tcl_Interp *interp; /* Interpreter in which to invoke command. */
- char command[4]; /* Tcl command to invoke when a client message
+ char command[1]; /* Tcl command to invoke when a client message
 * for this protocol arrives. The actual size
 * of the structure varies to accommodate the
 * needs of the actual command. THIS MUST BE
@@ -68,7 +68,7 @@ typedef struct ProtocolHandler {
 } ProtocolHandler;
 #define HANDLER_SIZE(cmdLength) \
- ((unsigned) (sizeof(ProtocolHandler) - 3 + cmdLength))
+ ((unsigned) ((Tk_Offset(ProtocolHandler, command) + 1) + cmdLength))
 /*
 * Helper type passed via lParam to TkWmStackorderToplevelEnumProc
@@ -4930,7 +4930,7 @@ WmProtocolCmd(
 protPtr->nextPtr = wmPtr->protPtr;
 wmPtr->protPtr = protPtr;
 protPtr->interp = interp;
- strcpy(protPtr->command, cmd);
+ memcpy(protPtr->command, cmd, cmdLength + 1);
 }
 return TCL_OK;
 }
--
cgit v0.12