From bb4bef467e03d66c0592d3fc7b19d9a9ff0417f8 Mon Sep 17 00:00:00 2001 From: zhongtao Date: Wed, 24 May 2023 15:55:28 +0800 Subject: [PATCH] Fix crash in protocolbuffers#12104 Signed-off-by: zhongtao --- 0007-Fix-crash-in-protocolbuffers-12104.patch | 33 +++++++++++++++++++ protobuf.spec | 13 ++++++-- 2 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 0007-Fix-crash-in-protocolbuffers-12104.patch diff --git a/0007-Fix-crash-in-protocolbuffers-12104.patch b/0007-Fix-crash-in-protocolbuffers-12104.patch new file mode 100644 index 0000000..6a59699 --- /dev/null +++ b/0007-Fix-crash-in-protocolbuffers-12104.patch @@ -0,0 +1,33 @@ +From 7a8d11892912ff92cd50cb86198cb3694df6df4e Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 24 May 2023 14:54:23 +0800 +Subject: [PATCH] Fix crash in protocolbuffers#12104 + +This crash was due to the fact that we were passing `nullptr` as a `const +char*` parameter and relying on that implicitly converting into an empty +`absl::string_view`. `absl::string_view` supports that functionality, but +starting with C++17 its behavior changes since it's just a type alias for +`std::string_view`. `std::string_view` does not have any special conversion for +nullptr and so we were just getting crashes. + +PiperOrigin-RevId: 530431663 +--- + src/google/protobuf/wire_format.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/google/protobuf/wire_format.h b/src/google/protobuf/wire_format.h +index d42cefb..ec582e4 100644 +--- a/src/google/protobuf/wire_format.h ++++ b/src/google/protobuf/wire_format.h +@@ -356,7 +356,7 @@ inline void WireFormat::VerifyUTF8String(const char* data, int size, + WireFormat::Operation op) { + #ifdef GOOGLE_PROTOBUF_UTF8_VALIDATION_ENABLED + WireFormatLite::VerifyUtf8String( +- data, size, static_cast(op), NULL); ++ data, size, static_cast(op), /* field_name = */ ""); + #else + // Avoid the compiler warning about unused variables. + (void)data; +-- +2.40.1 + diff --git a/protobuf.spec b/protobuf.spec index fa25507..11a375c 100644 --- a/protobuf.spec +++ b/protobuf.spec @@ -8,7 +8,7 @@ Summary: Protocol Buffers - Google's data interchange format Name: protobuf Version: 3.14.0 -Release: 6 +Release: 7 License: BSD URL: https://github.com/protocolbuffers/protobuf Source: https://github.com/protocolbuffers/protobuf/releases/download/v%{version}%{?rcver}/%{name}-all-%{version}%{?rcver}.tar.gz @@ -18,8 +18,9 @@ Patch9000: 0001-add-secure-compile-option-in-Makefile.patch Patch9001: 0002-add-secure-compile-fs-check-in-Makefile.patch Patch9002: 0003-fix-CVE-2021-22570.patch Patch9003: 0004-Improve-performance-of-parsing-unknown-fields-in-Jav.patch -Patch9004: 0005-fix-CVE-2022-1941.patch -Patch9005: 0006-fix-CVE-2022-3171.patch +Patch9004: 0005-fix-CVE-2022-1941.patch +Patch9005: 0006-fix-CVE-2022-3171.patch +Patch9006: 0007-Fix-crash-in-protocolbuffers-12104.patch BuildRequires: make autoconf automake emacs gcc-c++ libtool pkgconfig zlib-devel @@ -325,6 +326,12 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_emacs_sitestartdir} %endif %changelog +* Thu May 25 2023 zhongtao - 3.14.0-7 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: Fix crash in protocolbuffers#12104 + * Tue Oct 18 2022 chengzeruizhi - 3.14.0-6 - Type:bugfix - ID:NA -- Gitee