From caf9ae726a33bbe684d0a2b317f03cdb0c669e1a Mon Sep 17 00:00:00 2001
From: lingsheng
Date: Thu, 17 Jun 2021 16:54:23 +0800
Subject: [PATCH] Fix some errors in oss-fuzz build
---
 ...ant_name-with-vimonly-if-long-enough.patch | 26 +++
 ...oadDictionary-if-not-dictionary_name.patch | 30 +++
 ...ing-the-tests-with-fsanitize-address.patch | 184 ++++++++++++++++++
 ...-the-vimcomparison-and-check-PATHSEP.patch | 34 ++++
 espeak-ng.spec | 12 +-
 5 files changed, 284 insertions(+), 2 deletions(-)
 create mode 100644 Compare-variant_name-with-vimonly-if-long-enough.patch
 create mode 100644 Copy-name-in-LoadDictionary-if-not-dictionary_name.patch
 create mode 100644 Fix-running-the-tests-with-fsanitize-address.patch
 create mode 100644 Simplify-the-vimcomparison-and-check-PATHSEP.patch
diff --git a/Compare-variant_name-with-vimonly-if-long-enough.patch b/Compare-variant_name-with-vimonly-if-long-enough.patch
new file mode 100644
index 0000000..9e3e5b3
--- /dev/null
+++ b/Compare-variant_name-with-vimonly-if-long-enough.patch
@@ -0,0 +1,26 @@
+From c9ca77a4d415b838810fb22f85c728d211433197 Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn"
+Date: Wed, 21 Mar 2018 21:16:08 +0000
+Subject: [PATCH] Compare variant_name with "!v" only if long enough
+
+Various places call SetVoiceStack with "" for the variant_name. This
+causes -fsanitize=address to fail with an overflow as the call to
+memcmp is checking the first 2 bytes, and there is only 1 byte
+available.
+---
+ src/libespeak-ng/readclause.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libespeak-ng/readclause.c b/src/libespeak-ng/readclause.c
+index 52362de44..26bc35b96 100644
+--- a/src/libespeak-ng/readclause.c
++++ b/src/libespeak-ng/readclause.c
+@@ -599,7 +599,7 @@ void SetVoiceStack(espeak_VOICE *v, const char *variant_name)
+ sp->voice_age = v->age;
+ sp->voice_gender = v->gender;
+
+- if (memcmp(variant_name, "!v", 2) == 0)
++ if (strlen(variant_name) >= 2 && memcmp(variant_name, "!v", 2) == 0)
+ variant_name += 3; // strip variant directory name, !v plus PATHSEP
+ strncpy0(base_voice_variant_name, variant_name, sizeof(base_voice_variant_name));
+ memcpy(&base_voice, ¤t_voice_selected, sizeof(base_voice));
diff --git a/Copy-name-in-LoadDictionary-if-not-dictionary_name.patch b/Copy-name-in-LoadDictionary-if-not-dictionary_name.patch
new file mode 100644
index 0000000..4294a2b
--- /dev/null
+++ b/Copy-name-in-LoadDictionary-if-not-dictionary_name.patch
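Review bot: With `strlen(variant_name) >= 2` as the only guard, the exact input `"!v"` (length 2) still passes, so `variant_name += 3` points one byte past the terminator before `strncpy0` reads from it; this intermediate state is only made safe by the `variant_name[2] == PATHSEP` test in Simplify-the-vimcomparison-and-check-PATHSEP.patch, whose `index 26bc35b96..aa884d59e` line is built on this patch's output. The two backports are therefore order-dependent and must stay in this sequence in the spec (Patch0003 before Patch0004); dropping or reordering one of them would reintroduce the over-read that the sanitizer reported. SetVoiceStack's body continues outside the hunk.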
@@ -0,0 +1,30 @@
+From b60d2452c34ac6ebf01a3c09c17193b8c8e2a3fd Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn"
+Date: Wed, 21 Mar 2018 20:37:44 +0000
+Subject: [PATCH] Copy name in LoadDictionary if not dictionary_name
+
+compiledict.c sets dict_name to dictionary_name if dict_name is
+not set, and passes that to LoadDictionary. LoadDictionary then
+copies the passed in name to dictionary_name.
+
+This causes -fsanitize=address to fail with overlapping memory
+addresses passed to strncpy (copying the string to itself). As
+such, don't copy the name in this case.
+---
+ src/libespeak-ng/dictionary.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libespeak-ng/dictionary.c b/src/libespeak-ng/dictionary.c
+index f6bdf1823..5d1f44ba0 100644
+--- a/src/libespeak-ng/dictionary.c
++++ b/src/libespeak-ng/dictionary.c
+@@ -201,7 +201,8 @@ int LoadDictionary(Translator *tr, const char *name, int no_error)
+ int size;
+ char fname[sizeof(path_home)+20];
+
+- strncpy(dictionary_name, name, 40); // currently loaded dictionary name
++ if (dictionary_name != name)
++ strncpy(dictionary_name, name, 40); // currently loaded dictionary name
+ strncpy(tr->dictionary_name, name, 40);
+
+ // Load a pronunciation data file into memory
diff --git a/Fix-running-the-tests-with-fsanitize-address.patch b/Fix-running-the-tests-with-fsanitize-address.patch
new file mode 100644
index 0000000..fbd523d
--- /dev/null
+++ b/Fix-running-the-tests-with-fsanitize-address.patch
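Review bot: `strncpy(dictionary_name, name, 40)` and `strncpy(tr->dictionary_name, name, 40)` copy at most 40 bytes and leave the destination without a terminator whenever `name` is 40 or more characters long; the added pointer-equality test removes the self-copy the sanitizer flagged but not this truncation hazard. The sibling readclause.c patches already use a terminating helper, `strncpy0(dst, src, sizeof(dst))`, so `strncpy0(dictionary_name, name, 40);` would be the consistent form if the buffer really is 40 bytes — its declaration is not in the hunk, so confirm the size before changing it. The equality check also only covers `name` aliasing `dictionary_name` at offset zero, which matches the one caller the commit message describes. LoadDictionary's body continues outside the hunk.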
@@ -0,0 +1,184 @@
+From da95f5d5c7275f6ea72110cf768939351424f18a Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn"
+Date: Mon, 20 Aug 2018 18:48:51 +0100
+Subject: [PATCH 1/4] Update the Unicode Data Files license.
+
+---
+ COPYING.UCD | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/COPYING.UCD b/COPYING.UCD
+index 51608df18..38ff09a13 100644
+--- a/COPYING.UCD
++++ b/COPYING.UCD
+@@ -1,8 +1,29 @@
++Unicode Data Files include all data files under the directories
++http://www.unicode.org/Public/, http://www.unicode.org/reports/,
++http://www.unicode.org/cldr/data/, http://source.icu-project.org/repos/icu/, and
++http://www.unicode.org/utility/trac/browser/.
++
++Unicode Data Files do not include PDF online code charts under the
++directory http://www.unicode.org/Public/.
++
++Software includes any source code published in the Unicode Standard
++or under the directories
++http://www.unicode.org/Public/, http://www.unicode.org/reports/,
++http://www.unicode.org/cldr/data/, http://source.icu-project.org/repos/icu/, and
++http://www.unicode.org/utility/trac/browser/.
++
++NOTICE TO USER: Carefully read the following legal agreement.
++BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S
++DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),
++YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE
++TERMS AND CONDITIONS OF THIS AGREEMENT.
++IF YOU DO NOT AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE
++THE DATA FILES OR SOFTWARE.
++
+ COPYRIGHT AND PERMISSION NOTICE
+
+-Copyright © 1991-2014 Unicode, Inc. All rights reserved.
+-Distributed under the Terms of Use in
+-http://www.unicode.org/copyright.html.
++Copyright © 1991-2018 Unicode, Inc. All rights reserved.
++Distributed under the Terms of Use in http://www.unicode.org/copyright.html.
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of the Unicode data files and any associated documentation
+@@ -11,14 +32,11 @@ a copy of the Unicode data files and any associated documentation
+ without restriction, including without limitation the rights to use,
+ copy, modify, merge, publish, distribute, and/or sell copies of
+ the Data Files or Software, and to permit persons to whom the Data Files
+-or Software are furnished to do so, provided that
+-(a) this copyright and permission notice appear with all copies
+-of the Data Files or Software,
+-(b) this copyright and permission notice appear in associated
+-documentation, and
+-(c) there is clear notice in each modified Data File or in the Software
+-as well as in the documentation associated with the Data File(s) or
+-Software that the data or software has been modified.
++or Software are furnished to do so, provided that either
++(a) this copyright and permission notice appear with all copies
++of the Data Files or Software, or
++(b) this copyright and permission notice appear in associated
++Documentation.
+
+ THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF
+ ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+
+From 1a895f37b9cb868234a2278a410a234259b08905 Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn"
+Date: Tue, 4 May 2021 17:51:28 +0100
+Subject: [PATCH 2/4] Fix running the tests with -fsanitize=address.
+
+---
+ src/case.c | 8 ++++----
+ tools/case.py | 6 +++---
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/ucd-tools/src/case.c b/src/ucd-tools/src/case.c
+index 04c9736af..b11c869c5 100644
+--- a/src/ucd-tools/src/case.c
++++ b/src/ucd-tools/src/case.c
+@@ -1,6 +1,6 @@
+ /* Unicode Case Conversion
+ *
+- * Copyright (C) 2012-2016 Reece H. Dunn
++ * Copyright (C) 2012-2018, 2021 Reece H. Dunn
+ *
+ * This file is part of ucd-tools.
+ *
+@@ -2664,7 +2664,7 @@ static const struct case_conversion_entry case_conversion_data[] =
+ codepoint_t ucd_toupper(codepoint_t c)
+ {
+ int begin = 0;
+- int end = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]);
++ int end = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]) - 1;
+ while (begin <= end)
+ {
+ int pos = (begin + end) / 2;
+@@ -2682,7 +2682,7 @@ codepoint_t ucd_toupper(codepoint_t c)
+ codepoint_t ucd_tolower(codepoint_t c)
+ {
+ int begin = 0;
+- int end = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]);
++ int end = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]) - 1;
+ while (begin <= end)
+ {
+ int pos = (begin + end) / 2;
+@@ -2700,7 +2700,7 @@ codepoint_t ucd_tolower(codepoint_t c)
+ codepoint_t ucd_totitle(codepoint_t c)
+ {
+ int begin = 0;
+- int end = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]);
++ int end = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]) - 1;
+ while (begin <= end)
+ {
+ int pos = (begin + end) / 2;
+diff --git a/src/ucd-tools/tools/case.py b/src/ucd-tools/tools/case.py
+index 9daa57409..33cd54721 100755
+--- a/src/ucd-tools/tools/case.py
++++ b/src/ucd-tools/tools/case.py
+@@ -1,6 +1,6 @@
+ #!/usr/bin/python
+
+-# Copyright (C) 2012-2016 Reece H. Dunn
++# Copyright (C) 2012-2018, 2021 Reece H. Dunn
+ #
+ # This file is part of ucd-tools.
+ #
+@@ -33,7 +33,7 @@
+ if __name__ == '__main__':
+ sys.stdout.write("""/* Unicode Case Conversion
+ *
+- * Copyright (C) 2012-2016 Reece H. Dunn
++ * Copyright (C) 2012-2018, 2021 Reece H. Dunn
+ *
+ * This file is part of ucd-tools.
+ *
+@@ -83,7 +83,7 @@
+ sys.stdout.write('codepoint_t ucd_to%s(codepoint_t c)\n' % case)
+ sys.stdout.write('{\n')
+ sys.stdout.write('\tint begin = 0;\n')
+- sys.stdout.write('\tint end = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]);\n')
++ sys.stdout.write('\tint end = sizeof(case_conversion_data)/sizeof(case_conversion_data[0]) - 1;\n')
+ sys.stdout.write('\twhile (begin <= end)\n')
+ sys.stdout.write('\t{\n')
+ sys.stdout.write('\t\tint pos = (begin + end) / 2;\n')
+
+From 2b2eac1d8bede4956b1c2aa51d418a956583801e Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn"
+Date: Tue, 4 May 2021 17:54:15 +0100
+Subject: [PATCH 3/4] Fix the note in case.py/case.c.
+
+---
+ src/case.c | 2 +-
+ tools/case.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ucd-tools/src/case.c b/src/ucd-tools/src/case.c
+index b11c869c5..dd17dc4ff 100644
+--- a/src/ucd-tools/src/case.c
++++ b/src/ucd-tools/src/case.c
+@@ -19,7 +19,7 @@
+ */
+
+ /* NOTE: This file is automatically generated from the UnicodeData.txt file in
+- * the Unicode Character database by the ucd-tools/tools/categories.py script.
++ * the Unicode Character database by the ucd-tools/tools/case.py script.
+ */
+
+ #include "ucd/ucd.h"
+diff --git a/src/ucd-tools/tools/case.py b/src/ucd-tools/tools/case.py
+index 33cd54721..b6d15efd0 100755
+--- a/src/ucd-tools/tools/case.py
++++ b/src/ucd-tools/tools/case.py
+@@ -52,7 +52,7 @@
+ */
+
+ /* NOTE: This file is automatically generated from the UnicodeData.txt file in
+- * the Unicode Character database by the ucd-tools/tools/categories.py script.
++ * the Unicode Character database by the ucd-tools/tools/case.py script.
+ */
+
+ #include "ucd/ucd.h"
+
diff --git a/Simplify-the-vimcomparison-and-check-PATHSEP.patch b/Simplify-the-vimcomparison-and-check-PATHSEP.patch
new file mode 100644
index 0000000..eaba95e
--- /dev/null
+++ b/Simplify-the-vimcomparison-and-check-PATHSEP.patch
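Review bot: The `- 1` on `end` makes the search bound inclusive to match `while (begin <= end)`, but the three case.c hunks and the case.py generator hunk all stop at `int pos = (begin + end) / 2;`, so the narrowing steps that presumably need `end = pos - 1` / `begin = pos + 1` for an inclusive bound are outside the shown lines in ucd_toupper, ucd_tolower and ucd_totitle; they should be confirmed against upstream 1a895f37 rather than from this excerpt. Changing the generated case.c and its generator together is the right way to keep the two in sync. Separately, a file named for a test fix also carries [PATCH 1/4], a COPYING.UCD license-text change (copyright year and the permission conditions), and the series stops at [PATCH 3/4]; the package's shipped license text should be checked against the new wording, and the omission of 4/4 recorded in the spec changelog if it is deliberate.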
@@ -0,0 +1,34 @@
+From 444e4544d24632d5ba6ce90bb14c12d80fbb006e Mon Sep 17 00:00:00 2001
+From: "Reece H. Dunn"
+Date: Wed, 21 Mar 2018 21:24:03 +0000
+Subject: [PATCH] Simplify the !v comparison and check PATHSEP
+
+SetVoiceStack looks for "!v" in variant_name and skips the first
+three characters if "!v" is found. The problem here is that it
+does not check that the third character is the path separator, so
+may advance into unknown memory if variant_name is exactly "!v".
+
+This fixes that problem by checking for the path separator. It
+also simplifies the logic by checking the bytes explicitly.
+
+NOTE: This is not strictly needed, as the only code paths this is
+relevant for is in espeak_ng_SetVoiceByName, and the variant name
+comes from ExtractVoiceVariantName, which sets up the variant name
+correctly.
+---
+ src/libespeak-ng/readclause.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libespeak-ng/readclause.c b/src/libespeak-ng/readclause.c
+index 26bc35b96..aa884d59e 100644
+--- a/src/libespeak-ng/readclause.c
++++ b/src/libespeak-ng/readclause.c
+@@ -599,7 +599,7 @@ void SetVoiceStack(espeak_VOICE *v, const char *variant_name)
+ sp->voice_age = v->age;
+ sp->voice_gender = v->gender;
+
+- if (strlen(variant_name) >= 2 && memcmp(variant_name, "!v", 2) == 0)
++ if (variant_name[0] == '!' && variant_name[1] == 'v' && variant_name[2] == PATHSEP)
+ variant_name += 3; // strip variant directory name, !v plus PATHSEP
+ strncpy0(base_voice_variant_name, variant_name, sizeof(base_voice_variant_name));
+ memcpy(&base_voice, ¤t_voice_selected, sizeof(base_voice));
diff --git a/espeak-ng.spec b/espeak-ng.spec
index 67518ec..811ed0f 100644
--- a/espeak-ng.spec
+++ b/espeak-ng.spec
@@ -1,6 +1,6 @@
 Name: espeak-ng
 Version: 1.49.2
-Release: 5
+Release: 6
 Summary: eSpeak NG is an open source speech synthesizer
 License: GPLv3+
 URL: https://github.com/espeak-ng/espeak-ng
@@ -9,6 +9,11 @@ BuildRequires: make autoconf automake libtool pkgconfig rubygem-ronn rubygem-kr Provides: espeak-ng-vim = %{version}-%{release} Obsoletes: espeak-ng-vim < %{version}-%{release} +Patch0001: Fix-running-the-tests-with-fsanitize-address.patch +Patch0002: Copy-name-in-LoadDictionary-if-not-dictionary_name.patch +Patch0003: Compare-variant_name-with-vimonly-if-long-enough.patch +Patch0004: Simplify-the-vimcomparison-and-check-PATHSEP.patch + %description The eSpeak NG is a compact open source software text-to-speech synthesizer for Linux, Windows, Android and other operating systems. It supports 70 languages @@ -32,7 +37,7 @@ Obsoletes: espeak-ng-doc < %{version}-%{release} Documentation for espeak-ng. %prep -%autosetup -n espeak-ng-%{version} +%autosetup -n espeak-ng-%{version} -p1 rm -rf src/include/compat/endian.h src/compat/getopt.c android/ %build ./autogen.sh @@ -73,5 +78,8 @@ ESPEAK_DATA_PATH=`pwd` LD_LIBRARY_PATH=src:${LD_LIBRARY_PATH} src/espeak-ng ... %{_mandir}/man1/{speak-ng.1.gz,espeak-ng.1.gz} %changelog +* Thu Jun 17 2021 lingsheng - 1.49.2-6 +- Fix some errors in oss-fuzz build + * Tue Dec 3 2019 Ling Yang - 1.49.2-5 - Package init -- Gitee