X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f66.google.com (mail-lf0-f66.google.com [209.85.215.66]) by lists.alpinelinux.org (Postfix) with ESMTP id 2BF3A5C424A for ; Mon, 6 Feb 2017 09:43:09 +0000 (GMT) Received: by mail-lf0-f66.google.com with SMTP id v186so3438441lfa.2 for ; Mon, 06 Feb 2017 01:43:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Og7PnokSNQIjodwO0Hvsg4pqILfTjzS4WVYLcJAwq6g=; b=WYbwdpX7MyuKvZdlFSgSXnhxtFplFel0a69KEf0i0nSKVLp7IR09JMaQv5MnuQhjTN ren5NIT3ZYmjEKHIchlu3+wWF6HO8KcfjZmC0gqJKLqr7eCaJPIhWYfyvPyfMLpYgDfX e8/WpZL3fO8zQko9Eau85uytyfA/AaTTlazaTarVpL9J0Wo0qtBJLGSNJeCvQec0RRnZ 0EAWm2ArGvudZ/juZLBdspgCDWBa7l+/8YrWx1T1P6GfBfXj5ouDfjM7hM/NsSr25SDO 7ET2WWYlrobAM3AKZwdpz8Hfw5lpyw1h/ICBcqmiSB2cjiGroLmWDpPZYzUnV75GRLLZ ddGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=Og7PnokSNQIjodwO0Hvsg4pqILfTjzS4WVYLcJAwq6g=; b=DlFBWh7ye1M5H64jg0+1J8iMROiYJ0ViLR975D0ARlg0l+XoIoKEl7+zlx46gV72QS Tq6aNc1LMZnQ7pgZgszQcA7uDeBnT8P4vdXtLHVryHSjHMexzQxONJcmPTMHZwMCD/C+ hV6EZESnM4bq5PPKWLyRhkjuht3ABkZNPzBb1iNH56/Zpri8fvu3o+LGMEFgD7XZLfli I9lZncc6ovjGfWdnu6L9BGctyi3QTgZ/JfROHD3vySJH16H8BR+YXOUZRWWp2PaWXfcp x4Y/7JjpMmm56boomaNygmxkHQeTnDNSn+SZO21kZniJO+zeGEAp7z3uGNLBb3edY0uD mCEw== X-Gm-Message-State: AMke39loWSgEXKLvkWkzG+Zp7Yjn7YXrx8jy4dz+ADSc6JKI7SX8WBjmVo9QL3dU1SMFlw== X-Received: by 10.25.22.96 with SMTP id m93mr3394511lfi.101.1486374188259; Mon, 06 Feb 2017 01:43:08 -0800 (PST) Received: from vostro.util.wtbts.net ([2001:1bc8:101:f402:e66f:13ff:fef3:8cd0]) by smtp.gmail.com with ESMTPSA id i20sm83275ljb.0.2017.02.06.01.43.07 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 06 Feb 2017 01:43:08 -0800 (PST) Sender: =?UTF-8?Q?Timo_Ter=C3=A4s?= Date: Mon, 6 Feb 2017 11:43:06 +0200 From: Timo Teras To: Gergo Huszty Cc: alpine-aports@lists.alpinelinux.org Subject: Re: [alpine-aports] [PATCH] community/minidlna: patch for potential segfaults Message-ID: <20170206114306.4920c40c@vostro.util.wtbts.net> In-Reply-To: <20170204201354.26019-1-huszty.gergo@digitaltrip.hu> References: <20170204201354.26019-1-huszty.gergo@digitaltrip.hu> X-Mailer: Claws Mail 3.14.1 (GTK+ 2.24.28; x86_64-alpine-linux-musl) X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Sat, 4 Feb 2017 20:13:54 +0000 Gergo Huszty wrote: > From: libesz > > Nfo parsing related fixes added in a patch. > - uninitalized string (GetVideoMetadata() - nfo) -> memset to 0 > - stack was kicked with 64k buffer unconditionally (parse_nfo() - > buf) -> now it is on heap and malloc'd size depends on filesize --- > community/minidlna/10-minidlna-nfo.patch | 42 > ++++++++++++++++++++++++++++++++ > community/minidlna/APKBUILD | 14 +++++++---- 2 files > changed, 51 insertions(+), 5 deletions(-) create mode 100644 > community/minidlna/10-minidlna-nfo.patch > > diff --git a/community/minidlna/10-minidlna-nfo.patch > b/community/minidlna/10-minidlna-nfo.patch new file mode 100644 > index 0000000..8e3497c > --- /dev/null > +++ b/community/minidlna/10-minidlna-nfo.patch > @@ -0,0 +1,42 @@ > +--- a/metadata.c > ++++ b/metadata.c > +@@ -160,7 +160,7 @@ > + parse_nfo(const char *path, metadata_t *m) > + { > + FILE *nfo; > +- char buf[65536]; > ++ char *buf; > + struct NameValueParserData xml; > + struct stat file; > + size_t nread; > +@@ -172,11 +172,13 @@ > + DPRINTF(E_INFO, L_METADATA, "Not parsing very > large .nfo file %s\n", path); > + return; > + } > ++ buf = malloc(file.st_size+1); The return value should be checked for out-of-memory. Additionally the code above checks for maximum of 65536, so using malloc does not help much here. Large files seem to be ignored intentionally. Though, if this fixes issues it's probably due to reducing stack usage. It might be better to increase default stack size, as large stack buffers might be used elsewhere. > ++ memset(buf, '\0', file.st_size+1); > + DPRINTF(E_DEBUG, L_METADATA, "Parsing .nfo file: %s\n", > path); > + nfo = fopen(path, "r"); > + if( !nfo ) > + return; > +- nread = fread(&buf, 1, sizeof(buf), nfo); > ++ nread = fread(buf, 1, file.st_size, nfo); > + > + ParseNameValue(buf, nread, &xml, 0); > + > +@@ -676,6 +679,7 @@ > + > + memset(&m, '\0', sizeof(m)); > + memset(&video, '\0', sizeof(video)); > ++ memset(nfo, '\0', sizeof(nfo)); > + > + //DEBUG DPRINTF(E_DEBUG, L_METADATA, "Parsing video > %s...\n", name); > + if ( stat(path, &file) != 0 ) This probable does not fix anything. nfo is strcpy:ied to. > @@ -63,10 +64,13 @@ package() { > > md5sums="1970e553a1eb8a3e7e302e2ce292cbc4 minidlna-1.1.5.tar.gz > 6dd1ec5560ac30d7a04244101e912d45 minidlna.initd > -59d14c1bf3cd637138bfa58db7255d78 minidlna.confd" > +59d14c1bf3cd637138bfa58db7255d78 minidlna.confd > +ddb2a414261109509a81e2ede03e12ba 10-minidlna-nfo.patch" > sha256sums="8477ad0416bb2af5cd8da6dde6c07ffe1a413492b7fe40a362bc8587be15ab9b Checksum did not match. There was changes to it after last 'abuild checksum' ? --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---