Date: Sat, 04 Feb 2017 21:27:12 +0100
From: Huszty Gergő
To: alpine-aports@lists.alpinelinux.org
Subject: [alpine-aports] Re: [PATCH] community/minidlna: patch for potential segfaults
Reply-To: huszty.gergo@digitaltrip.hu
In-Reply-To: <20170204201354.26019-1-huszty.gergo@digitaltrip.hu>

Hi,

 Forgot to mention that it is also reported to the minidlna project: https://sourceforge.net/p/minidlna/bugs/294/

Br,
 Gergo

On 2017-02-04 at 21:13, Gergo Huszty wrote:

From: libesz <huszty.gergo@digitaltrip.hu>

Nfo parsing related fixes added in a patch.
 - uninitialized string (GetVideoMetadata() - nfo) -> memset to 0
 - stack was kicked with 64k buffer unconditionally (parse_nfo() - buf) -> now it is on heap and malloc'd size depends on filesize
---
 community/minidlna/10-minidlna-nfo.patch | 42 ++++++++++++++++++++++++++++++++
 community/minidlna/APKBUILD              | 14 +++++++----
 2 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 community/minidlna/10-minidlna-nfo.patch

diff --git a/community/minidlna/10-minidlna-nfo.patch b/communi= ty/minidlna/10-minidlna-nfo.patch
new file mode 100644
index 00= 00000..8e3497c
--- /dev/null
+++ b/community/minidlna/10-minidl= na-nfo.patch
@@ -0,0 +1,42 @@
+--- a/metadata.c
++++ b/me= tadata.c
+@@ -160,7 +160,7 @@
+ parse_nfo(const char *path, met= adata_t *m)
+ {
+     FILE *nfo;
+- &= nbsp;  char buf[65536];
++    char *buf;
+     struct NameValueParserData xml;
+  =    struct stat file;
+     size_t = nread;
+@@ -172,11 +172,13 @@
+      &= nbsp;  DPRINTF(E_INFO, L_METADATA, "Not parsing very large .nfo f= ile %s\n", path);
+         r= eturn;
+     }
++    buf =3D= malloc(file.st_size+1);
++    memset(buf, '\0', file= =2Est_size+1);
+     DPRINTF(E_DEBUG, L_METADATA,= "Parsing .nfo file: %s\n", path);
+     nfo =3D = fopen(path, "r");
+     if( !nfo )
+  =        return;
+-   &nbs= p;nread =3D fread(&buf, 1, sizeof(buf), nfo);
++   &nbs= p;nread =3D fread(buf, 1, file.st_size, nfo);
+
+   =   ParseNameValue(buf, nread, &xml, 0);
+
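Review bot: the result of `malloc(file.st_size+1)` in parse_nfo() is passed straight to memset() with no NULL check, and the `if( !nfo ) return;` path that follows it now returns without freeing buf, so every .nfo that fails to open leaks the allocation. Check the malloc result and return on failure, and either call free(buf) before that early return or move the allocation below the fopen() check. `calloc(1, file.st_size+1)` would replace the malloc/memset pair. The new fread() reads at most file.st_size bytes into a buffer of file.st_size+1 bytes, so the final zero byte is preserved.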
+@@ -23= 0,6 +232,7 @@
+
+     ClearNameValueList(&= amp;xml);
+     fclose(nfo);
++   = ; free(buf);
+ }
+
+ void
+@@ -676,6 +679,7 @= @
+
+     memset(&m, '\0', sizeof(m));=
+     memset(&video, '\0', sizeof(video)); ++    memset(nfo, '\0', sizeof(nfo));
+
+ =     //DEBUG DPRINTF(E_DEBUG, L_METADATA, "Parsing video= %s...\n", name);
+     if ( stat(path, &file= ) !=3D 0 )
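Review bot: `memset(nfo, '\0', sizeof(nfo));` in the @@ -676 hunk clears the whole string only if nfo is declared as an array in this function, and the declaration is not among the visible context lines. If nfo is a pointer there, sizeof(nfo) is the pointer size and the call does not do what the commit message describes. Please confirm against the declaration; if it is an array, initializing it where it is declared, or setting `nfo[0] = '\0';`, states the intent more directly.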
diff --git a/community/minidlna/APKBUILD b/community/minid= lna/APKBUILD
index cab6b58..d66ffdb 100644
--- a/community/mini= dlna/APKBUILD
+++ b/community/minidlna/APKBUILD
@@ -2,12 +2,13 = @@
 # Maintainer: Francesco Colista <francesco.colista@gmail.com>
 pkgn= ame=3Dminidlna
 pkgver=3D1.1.5
-pkgrel=3D3
+pkgrel= =3D4
 pkgdesc=3D"A small dlna server"
 url=3D"http://sourceforge.net/proje= cts/minidlna/"
 arch=3D"all"
 license=3D"GPL"
 depends=3D
+options=3D
 makedepends=3D"
&nb= sp;    bsd-compat-headers
    = ; libvorbis-dev
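Review bot: the added empty `options=` line in this APKBUILD hunk is unrelated to the nfo fix and is not mentioned in the commit message; it sets nothing, so it should be dropped from this patch. The pkgrel bump from 3 to 4 is the only change this hunk needs.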
@@ -26,7 +27,7 @@ pkggroups=3D"$pkgname"
&= nbsp;source=3D"http://downloads.sourceforge.net= /project/minidlna/minidlna/$pkgver/minidlna-$pkgver.tar.gz
 =     $pkgname.initd
     = $pkgname.confd
-    "
+    10-min= idlna-nfo.patch"
 
 builddir=3D"$srcdir/$pkgname-$pkg= ver"
 
@@ -63,10 +64,13 @@ package() {
 
=  md5sums=3D"1970e553a1eb8a3e7e302e2ce292cbc4  minidlna-1.1.5.tar= =2Egz
 6dd1ec5560ac30d7a04244101e912d45  minidlna.initd
-59d14c1bf3cd637138bfa58db7255d78  minidlna.confd"
+59d14c1bf= 3cd637138bfa58db7255d78  minidlna.confd
+ddb2a414261109509a81e2e= de03e12ba  10-minidlna-nfo.patch"
 sha256sums=3D"8477ad0416= bb2af5cd8da6dde6c07ffe1a413492b7fe40a362bc8587be15ab9b  minidlna-1.1= =2E5.tar.gz
 251e790bb8adb91b4d00dd47543b9b02409879ade0853ebc3bd= 0fc0184bd485e  minidlna.initd
-67603d65c6bd3918255f050cb5cfd6fc1= 373b024bca1ce728f03491a90d79e19  minidlna.confd"
+67603d65c6bd39= 18255f050cb5cfd6fc1373b024bca1ce728f03491a90d79e19  minidlna.confd
+26311a96a6a4a916c150839e46e5c4a2422fe00f1629304e6fb5d7dddacdc84e  = 10-minidlna-nfo.patch"
 sha512sums=3D"2a8eaa42fcda6f98648f1726af= 5cdba6d2358c386440dd0de933364cfbd1ced2fee5f883033e1a5a692b760749beb2c127980= 20a3591ddcea22663102d4f3dfa  minidlna-1.1.5.tar.gz
 e16961b= b68c004297f1e26422b1d15bd8583ba2e0e36c88902a45573b685993fff88d2d0dae8c624ea= eddb0deca614dbc13b8345f34b4c348961c00b05c0df30  minidlna.initd
-= e209848af0d79069ac989ad61d3be610b4c0c2783a207a50463a25ec3811b04d1da3a2acde5= 4749878bec44e1567874ede827b978d5472c00f6a855663e5cbf8  minidlna.confd"=
+e209848af0d79069ac989ad61d3be610b4c0c2783a207a50463a25ec3811b04d1da= 3a2acde54749878bec44e1567874ede827b978d5472c00f6a855663e5cbf8  minidln= a.confd
+4be55ca6c4eeabcff7406088fb2cd4623dd8aebc45d81905cb4f1d24b393= 3a75c07af896ce55aeeb9dfe2598781f1b9e8cf9aff67cbd6fbcf763181642f9b77f  = 10-minidlna-nfo.patch"

