yasr: fix buffer overflows and other corrections

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: yasr: fix buffer overflows and other corrections
From: adr <adr%sdf.org@localhost>
Date: Sun, 03 Mar 2024 20:20:59 +0000
Module Name:	pkgsrc-wip
Committed By:	adr <adr%sdf.org@localhost>
Pushed By:	adr
Date:		Sun Mar 3 20:20:59 2024 +0000
Changeset:	532c30920a4fe579d6d9a5b3b757322fca07fcdf

Modified Files:
	yasr/Makefile
	yasr/distinfo
	yasr/patches/patch-yasr_main.c
Added Files:
	yasr/patches/patch-yasr_yasr.h

Log Message:
yasr: fix buffer overflows and other corrections

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=532c30920a4fe579d6d9a5b3b757322fca07fcdf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 yasr/Makefile                  |   3 +
 yasr/distinfo                  |   3 +-
 yasr/patches/patch-yasr_main.c | 161 ++++++++++++++++++++++++++++-------------
 yasr/patches/patch-yasr_yasr.h |  22 ++++++
 4 files changed, 139 insertions(+), 50 deletions(-)

diffs:
diff --git a/yasr/Makefile b/yasr/Makefile
index a5d6dcd8ff..82f7e45535 100644
--- a/yasr/Makefile
+++ b/yasr/Makefile
@@ -14,6 +14,9 @@ LICENSE=	gnu-gpl-v2
 USE_LANGUAGES=	c
 USE_TOOLS=	pkg-config msgfmt xgettext
 
+#REMOVE!!!!!!!!!!!!!!!
+CFLAGS+=	"-ggdb"
+
 .include "../../devel/meson/build.mk"
 .include "../../audio/speech-dispatcher/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff --git a/yasr/distinfo b/yasr/distinfo
index dca86fb992..8b1038613b 100644
--- a/yasr/distinfo
+++ b/yasr/distinfo
@@ -4,6 +4,7 @@ BLAKE2s (yasr-0.0.0.144-f60db19350542e6f4b7d268a310b9f2b9f3076c0.tar.gz) = 72d9f
 SHA512 (yasr-0.0.0.144-f60db19350542e6f4b7d268a310b9f2b9f3076c0.tar.gz) = 1a97f4d18586e9e72a01b05b0c6240a7e346b44d920771d662a0cbf9cba26467732d5681f391938d01cf0bd9e269bf0879fd7fcbf48f9678b5eafa30cbecca63
 Size (yasr-0.0.0.144-f60db19350542e6f4b7d268a310b9f2b9f3076c0.tar.gz) = 99434 bytes
 SHA1 (patch-meson.build) = 81c27075691073e33799681441e4662275e62d3a
-SHA1 (patch-yasr_main.c) = eba329640d584c260e2b31e90b3b0ae15acc3d9b
+SHA1 (patch-yasr_main.c) = 4fe18d9741f962a699fe64f1c680d267fbc68de2
 SHA1 (patch-yasr_tts.c) = 67656ad2e02a734deb136c56bf3e2ea79989b005
 SHA1 (patch-yasr_yasr.conf) = 73157a2dec79cb39050a4617af99e59349ca9531
+SHA1 (patch-yasr_yasr.h) = 68c15be283d0c21e94d0acf890cbea95634b5827
diff --git a/yasr/patches/patch-yasr_main.c b/yasr/patches/patch-yasr_main.c
index fda116c47c..bf49cc7cac 100644
--- a/yasr/patches/patch-yasr_main.c
+++ b/yasr/patches/patch-yasr_main.c
@@ -2,11 +2,10 @@ $NetBSD$
 
 Remove non-portable use of WCHAR_T in iconv code.
 Remove the enforcing of UTF-8
-Fix a bug speaking a char when cursor-right is input after space
 
 --- yasr/main.c.orig	2023-04-08 21:22:57.000000000 +0000
 +++ yasr/main.c
-@@ -33,8 +33,6 @@
+@@ -33,14 +33,14 @@
  #include <sys/types.h>
  #include <sys/wait.h>
  #include <langinfo.h>
@@ -15,7 +14,17 @@ Fix a bug speaking a char when cursor-right is input after space
  static int cpid;
  static int size, wsize;
  static int master, slave;
-@@ -307,23 +305,13 @@ is_separator (int ch)
+ char *conffile = NULL;
+-unsigned char buf[256];
+-wchar_t wide_buf[256];
++#define BUF_MAX 256
++#define WIDE_BUF_MAX 256
++char buf[BUF_MAX];
++wchar_t wide_buf[WIDE_BUF_MAX];
+ char usershell[OPT_STR_SIZE];
+ static struct termios t;
+ Win *win;
+@@ -307,23 +307,13 @@ is_separator (int ch)
  static int
  getkey_buf ()
  {
@@ -42,67 +51,131 @@ Fix a bug speaking a char when cursor-right is input after space
    key = (int) buf[0];
    if (size > 1)
    {
-@@ -361,6 +349,7 @@ getinput ()
+@@ -355,7 +345,7 @@ getinput ()
+ {
+   int key;
+ 
+-  size = read (0, buf, 255);
++  size = read (0, buf, BUF_MAX);
+   if (size <= 0)
+   {
      finish (0);
+@@ -533,19 +523,19 @@ oldgulp (unsigned char *buf, int *size, 
+     if (ep)
+     {
+       n = buf + *size - *ep;
+-      (void) memmove (buf, *ep, 256 - n);
+-      *size = n + read (master, buf + n, 255 - n);
++      (void) memmove (buf, *ep, BUF_MAX - n);
++      *size = n + read (master, buf + n, BUF_MAX - 1  - n);
+       buf[*size] = '\0';
+       (void) write (1, buf + n, *size - n);
+       *ep = buf;
+       return ((char *) buf + n);
+     }
+-    *size = read (master, buf, 255);
++    *size = read (master, buf, BUF_MAX - 1);
+     buf[*size] = '\0';
+     (void) write (1, buf, *size);
+     return ((char *) buf);
    }
-   key = getkey_buf ();
-+
-   if (key == ui.disable)
-   {
-     if (ui.disabled)
-@@ -561,8 +550,10 @@ static char *bytes_left_start;
+-  *size += read (master, buf + *size, 255 - *size);
++  *size += read (master, buf + *size, BUF_MAX - 1 - *size);
+   buf[*size] = '\0';
+   return ((char *) (buf + os));
+ }
+@@ -556,18 +546,19 @@ oldgulp (unsigned char *buf, int *size, 
+ function reads portion of data into buf and converts
+ to wide string, leaving 'leave' character in wide_buf;
+ */
+-static int bytes_left;
++static int bytes_left = 0;
+ static char *bytes_left_start;
  static void
  read_buf (int leave)
  {
 -  char *b1, *b2;
 -  size_t s1, s2;
-+  int i;
-+  char *b1;
-+  wchar_t *b2;
-+  size_t s1;
++  int mbcharsize;
++  char *bmb;
++  wchar_t *bwc;
++  size_t smb;
++
    if (bytes_left)
-   {
+-  {
      memcpy (buf, bytes_left_start, bytes_left);
-@@ -578,19 +569,17 @@ read_buf (int leave)
+-  }
+-  size = read (master, buf + bytes_left, 255 - bytes_left - leave);
++  size = read (master, buf + bytes_left, BUF_MAX - bytes_left - 1);
+   if (size < 0)
+   {
+     perror ("read");
+@@ -577,32 +568,44 @@ read_buf (int leave)
+   size += bytes_left;
    buf[size] = 0;
    bytes_left = 0;
-   b1 = (char *) buf;
+-  b1 = (char *) buf;
 -  b2 = (char *) (wide_buf + leave);
-+  b2 = wide_buf + leave;
-   if (leave)
-     memcpy (wide_buf, wide_buf + wsize - leave,
- 	    sizeof (wchar_t) * (wsize - leave));
-   s1 = size;
+-  if (leave)
+-    memcpy (wide_buf, wide_buf + wsize - leave,
+-	    sizeof (wchar_t) * (wsize - leave));
+-  s1 = size;
 -  s2 = (255 - leave) * sizeof (wchar_t);
-   while (s1 > 0)
-   {
+-  while (s1 > 0)
+-  {
 -
 -    iconv (ih_inp, NULL, NULL, NULL, NULL);
 -    if (iconv (ih_inp, &b1, &s1, &b2, &s2) == (size_t) -1)
-+    i = mbtowc (b2, b1, s1);
-+    if (i == -1)
++  bmb = buf;
++  bwc = wide_buf + leave;
++  if (leave != 0 && leave < wsize)
++    //memcpy (wide_buf, wide_buf + wsize - leave, sizeof (wchar_t) * leave);
++    wmemcpy (wide_buf, wide_buf + wsize - leave, leave);
++  smb = size;
++  wsize = 0;
++  while (smb > 0 && wsize < (WIDE_BUF_MAX - 1))
++  {
++    mbcharsize = mbtowc (bwc, bmb, smb);
++    if (mbcharsize == 0) /* it reached buf[size] */
++    {
++      bytes_left = 0;
++      bytes_left_start = NULL;
++      wsize = bwc - wide_buf;
++      wide_buf[wsize] = 0;
++      return;
++    }
++    if (mbcharsize == -1)
      {
 -      if (errno == EINVAL)	/* incomplete sequence at end of buffer */
 +      if (errno == EILSEQ)	/* incomplete sequence at end of buffer */
        {
  	break;
        }
-@@ -599,10 +588,13 @@ read_buf (int leave)
-       b1++;
-       s1--;
-     }
-+    ++b2;
-+    b1 += i;
-+    s1 -= i;
-   }
-   bytes_left = s1;
-   bytes_left_start = b1;
+       /* invalid multibyte sequence - should we ignore or insert
+          some character meaning 'invalid'? */
+-      b1++;
+-      s1--;
+-    }
+-  }
+-  bytes_left = s1;
+-  bytes_left_start = b1;
 -  wsize = (wchar_t *) b2 - wide_buf;
-+  wsize = b2 - wide_buf;
++      bmb++;
++      smb--;
++      continue;
++    }
++    bwc++;
++    bmb += mbcharsize;
++    smb -= mbcharsize;
++    wsize = bwc - wide_buf;
++  }
++  bytes_left = smb;
++  bytes_left_start = bmb;
++  wsize = bwc - wide_buf;
    wide_buf[wsize] = 0;
  }
  
-@@ -1253,6 +1245,7 @@ getoutput ()
+@@ -1253,6 +1256,7 @@ getoutput ()
        tts.oflag = oldoflag;
      }
    }
@@ -110,17 +183,7 @@ Fix a bug speaking a char when cursor-right is input after space
    if (ch == 13 || ch == 10 || ch == 32)
    {
      tts_flush ();
-@@ -1268,7 +1261,8 @@ getoutput ()
-   {
-     tts_flush ();
-   }
--  if (tts.oflag || kbuf[0] == 13 || kbuf[0] == 3 || ui.silent)
-+  /* Workaround cursor move right after space... */
-+  if ((tts.oflag || kbuf[0] == 13 || kbuf[0] == 3 || ui.silent) && kbuf[0] != 0x1b5b43)
-   {
-     tts.oflag = stathit = 0;
-     oldcr = win->cr;
-@@ -1470,17 +1464,6 @@ main (int argc, char *argv[])
+@@ -1470,17 +1474,6 @@ main (int argc, char *argv[])
    bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
    textdomain (GETTEXT_PACKAGE);
    strcpy (charmap, nl_langinfo (CODESET));
diff --git a/yasr/patches/patch-yasr_yasr.h b/yasr/patches/patch-yasr_yasr.h
new file mode 100644
index 0000000000..6569c8d9f3
--- /dev/null
+++ b/yasr/patches/patch-yasr_yasr.h
@@ -0,0 +1,22 @@
+$NetBSD$
+
+Remove size of array declarations defined elsewhere
+
+--- yasr/yasr.h.orig	2023-04-08 21:22:57.000000000 +0000
++++ yasr/yasr.h
+@@ -304,11 +304,11 @@ extern int cl_synthport;
+ extern Opt opt[];
+ extern int synthopt;
+ extern char *conffile;
+-extern unsigned char buf[256];
+-extern int kbuf[100];
++extern char buf[];
++extern int kbuf[];
+ extern int kbuflen;
+-extern char usershell[OPT_STR_SIZE];
+-extern char ttsbuf[80];
++extern char usershell[];
++extern char ttsbuf[];
+ extern Voices voices;
+ extern int special;
+ extern char charmap[];
Prev by Date: rust17{5,6}: cargo.mk: remove trailing empty line.
Next by Date: yasr: fix memcpy overlaps
Previous by Thread: rust17{5,6}: cargo.mk: remove trailing empty line.
Next by Thread: yasr: fix memcpy overlaps
Indexes:
Home | Main Index | Thread Index | Old Index