diff --git a/Fix-possible-heap-buffer-overflow.patch b/Fix-possible-heap-buffer-overflow.patch
new file mode 100644
index 0000000000000000000000000000000000000000..31bba1b3eeed7466609e8ed80095ef6451096e08
--- /dev/null
+++ b/Fix-possible-heap-buffer-overflow.patch
@@ -0,0 +1,25 @@
+diff --git a/src/bucket.c b/src/bucket.c
+index 4a5a04c..79b4607 100644
+--- a/src/bucket.c
++++ b/src/bucket.c
+@@ -432,9 +432,18 @@ _gdbm_split_bucket (GDBM_FILE dbf, int next_insert)
+ for (index = 0; index < dbf->header->bucket_elems; index++)
+ {
+ bucket_element *old_el = &dbf->bucket->h_table[index];
+- hash_bucket *bucket =
++ hash_bucket *bucket;
++ int elem_loc;
++
++ if (old_el->hash_value < 0)
++ {
++ GDBM_SET_ERRNO (dbf, GDBM_BAD_BUCKET, TRUE);
++ return -1;
++ }
++
++ bucket =
+ newcache[(old_el->hash_value >> (GDBM_HASH_BITS - new_bits)) & 1]->ca_bucket;
+- int elem_loc = old_el->hash_value % dbf->header->bucket_elems;
++ elem_loc = old_el->hash_value % dbf->header->bucket_elems;
+ while (bucket->h_table[elem_loc].hash_value != -1)
+ elem_loc = (elem_loc + 1) % dbf->header->bucket_elems;
+ bucket->h_table[elem_loc] = *old_el;
diff --git a/gdbm.spec b/gdbm.spec
index 5b72c355d03bde84bfeaf6cf193351ac0799437e..4e555a60c1766e3c270b7d167daf838e482f4f51 100644
--- a/gdbm.spec
+++ b/gdbm.spec
@@ -1,6 +1,6 @@
 Name: gdbm
 Version: 1.22
-Release: 10
+Release: 11
 Epoch: 1
 Summary: A library of database functions that work similar to the standard UNIX dbm
 License: GPLv3+
@@ -15,6 +15,7 @@ Patch4: Fix-coredump-in-gdbmtool-history-command.patch
 Patch5: Fix-semantics-of-gdbm_load-r.patch
 Patch6: Improve-handling-of-u-in-gdbm_load.patch
 Patch7: Fix-allocated-memory-not-released.patch
+Patch8: Fix-possible-heap-buffer-overflow.patch
 BuildRequires: gcc libtool gettext readline-devel bison flex texinfo
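Review bot: In the embedded src/bucket.c change, the new `return -1` inside the copy loop of `_gdbm_split_bucket` leaves the function after earlier iterations may already have copied elements into the `newcache[...]->ca_bucket` buckets, and nothing visible unwinds that partial state; the function begins and ends outside the hunk, so whether the caller or the error path cleans up cannot be confirmed from here. If the `TRUE` passed to `GDBM_SET_ERRNO` is what marks the database as needing recovery, state that at the check, for example `/* A negative hash_value means a corrupt bucket and would make elem_loc negative below; treated as fatal, the split is abandoned. */`. The guard also rejects `-1`, the value the probe loop just below uses for an empty slot, which presumably relies on the bucket being full whenever it is split; a one-line comment recording that assumption would help the next reader. Separately, the added .patch file starts directly at `diff --git` with no header naming the upstream commit it was taken from, so the fix cannot be traced to its origin from the package sources alone.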
@@ -106,6 +107,9 @@ fi
 %{_infodir}/*.info*
 %changelog
+* Mon Sep 5 2022 wangpeng - 1:1.22-11
+- DESC: Fix possible heap buffer overflow
+
 * Tue Aug 30 2022 yangchenguang - 1:1.22-10
 - DESC: Fix allocated memory not released