libjson-c: update to 0.14

Update libjson-c to 0.14
Changelog: https://github.com/json-c/json-c/wiki/Notes-for-v0.14-release

Switch to CMake because the upstream build system was changed

ipk size increased by 2KB

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>

diff --git a/package/libs/libjson-c/Makefile b/package/libs/libjson-c/Makefile
index f02518310a3e77476e82dbe8adbc66f3195aac9d..5e88bba9a3fb082d8f64d93c4ac0c978e7f58a9b 100644 (file)
--- a/package/libs/libjson-c/Makefile
+++ b/package/libs/libjson-c/Makefile
@@ -8,26 +8,25 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=json-c
-PKG_VERSION:=0.13.1
-PKG_RELEASE:=2
+PKG_VERSION:=0.14
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-nodoc.tar.gz
 PKG_SOURCE_URL:=https://s3.amazonaws.com/json-c_releases/releases/
-PKG_HASH:=94a26340c0785fcff4f46ff38609cf84ebcd670df0c8efd75d039cc951d80132
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
+PKG_HASH:=99914e644a25201d82ccefa20430f7515c110923360f9ef46755527c02412afa
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:json-c_project:json-c
 
-PKG_FIXUP:=autoreconf
-PKG_INSTALL:=1
+CMAKE_INSTALL:=1
+CMAKE_OPTIONS += -DCMAKE_INSTALL_INCLUDEDIR=$(STAGING_DIR)/usr/include
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/host-build.mk
+include $(INCLUDE_DIR)/cmake.mk
 
 TARGET_CFLAGS += $(FPIC) -Wno-implicit-fallthrough
 HOST_CFLAGS += -Wno-implicit-fallthrough
@@ -38,22 +37,13 @@ define Package/libjson-c
   CATEGORY:=Libraries
   TITLE:=javascript object notation
   URL:=https://json-c.github.io/json-c/
-  ABI_VERSION:=4
+  ABI_VERSION:=5
 endef
 
 define Package/libjson-c/description
  This package contains a library for javascript object notation backends.
 endef
 
-define Build/InstallDev
-       $(INSTALL_DIR) $(1)/usr/include
-       $(CP) $(PKG_INSTALL_DIR)/usr/include/json-c $(1)/usr/include/
-       $(INSTALL_DIR) $(1)/usr/lib
-       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libjson-c.{a,so*} $(1)/usr/lib/
-       $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
-       $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/json-c.pc $(1)/usr/lib/pkgconfig/
-endef
-
 define Package/libjson-c/install
        $(INSTALL_DIR) $(1)/usr/lib
        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libjson-c.so.* $(1)/usr/lib/

diff --git a/package/libs/libjson-c/patches/000-libm.patch b/package/libs/libjson-c/patches/000-libm.patch
index de98e35d4346d37c84483cf1748491156c1dbead..35ffec87243b599de0e1c4f654306dccb664a8df 100644 (file)
--- a/package/libs/libjson-c/patches/000-libm.patch
+++ b/package/libs/libjson-c/patches/000-libm.patch
@@ -1,18 +1,3 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -76,12 +76,6 @@ AC_FUNC_VPRINTF
- AC_FUNC_MEMCMP
- AC_CHECK_FUNCS([realloc])
- AC_CHECK_FUNCS(strcasecmp strdup strerror snprintf vsnprintf vasprintf open vsyslog strncasecmp setlocale)
--AC_CHECK_DECLS([INFINITY], [], [], [[#include <math.h>]])
--AC_CHECK_DECLS([nan], [], [], [[#include <math.h>]])
--AC_CHECK_DECLS([isnan], [], [], [[#include <math.h>]])
--AC_CHECK_DECLS([isinf], [], [], [[#include <math.h>]])
--AC_CHECK_DECLS([_isnan], [], [], [[#include <float.h>]])
--AC_CHECK_DECLS([_finite], [], [], [[#include <float.h>]])
- AC_MSG_CHECKING(for GCC atomic builtins)
- AC_LINK_IFELSE(
- [
 --- a/math_compat.h
 +++ b/math_compat.h
 @@ -6,31 +6,9 @@
@@ -22,17 +7,17 @@
 -/* Define isnan, isinf, infinity and nan on Windows/MSVC */
 -
 -#ifndef HAVE_DECL_ISNAN
--# ifdef HAVE_DECL__ISNAN
+-#ifdef HAVE_DECL__ISNAN
 -#include <float.h>
 -#define isnan(x) _isnan(x)
--# endif
+-#endif
 -#endif
 -
 -#ifndef HAVE_DECL_ISINF
--# ifdef HAVE_DECL__FINITE
+-#ifdef HAVE_DECL__FINITE
 -#include <float.h>
 -#define isinf(x) (!_finite(x))
--# endif
+-#endif
 -#endif
 -
 -#ifndef HAVE_DECL_INFINITY

diff --git a/package/libs/libjson-c/patches/001-Fix-CVE-2020-12762.patch b/package/libs/libjson-c/patches/001-Fix-CVE-2020-12762.patch
new file mode 100644 (file)
index 0000000..3871d99
--- /dev/null
+++ b/package/libs/libjson-c/patches/001-Fix-CVE-2020-12762.patch
@@ -0,0 +1,180 @@
+From 5d6fa331418d49f1bd488553fd1cfa9ab023fabb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Thu, 14 May 2020 12:32:30 +0200
+Subject: [PATCH] Fix CVE-2020-12762.
+
+This commit is a squashed backport of the following commits
+on the master branch:
+
+  * 099016b7e8d70a6d5dd814e788bba08d33d48426
+  * 77d935b7ae7871a1940cd827e850e6063044ec45
+  * d07b91014986900a3a75f306d302e13e005e9d67
+  * 519dfe1591d85432986f9762d41d1a883198c157
+  * a59d5acfab4485d5133114df61785b1fc633e0c6
+  * 26f080997d41cfdb17beab65e90c82217d0ac43b
+---
+ arraylist.c          |  3 +++
+ linkhash.c           |  9 ++++++++-
+ printbuf.c           | 18 ++++++++++++++++--
+ tests/test4.c        | 29 +++++++++++++++++++++++++++++
+ tests/test4.expected |  1 +
+ 5 files changed, 57 insertions(+), 3 deletions(-)
+
+--- a/arraylist.c
++++ b/arraylist.c
+@@ -136,6 +136,9 @@ int array_list_del_idx(struct array_list
+ {
+       size_t i, stop;
+ 
++      /* Avoid overflow in calculation with large indices. */
++      if (idx > SIZE_T_MAX - count)
++              return -1;
+       stop = idx + count;
+       if (idx >= arr->length || stop > arr->length)
+               return -1;
+--- a/linkhash.c
++++ b/linkhash.c
+@@ -12,6 +12,7 @@
+ 
+ #include "config.h"
+ 
++#include <assert.h>
+ #include <limits.h>
+ #include <stdarg.h>
+ #include <stddef.h>
+@@ -499,6 +500,8 @@ struct lh_table *lh_table_new(int size,
+       int i;
+       struct lh_table *t;
+ 
++      /* Allocate space for elements to avoid divisions by zero. */
++      assert(size > 0);
+       t = (struct lh_table *)calloc(1, sizeof(struct lh_table));
+       if (!t)
+               return NULL;
+@@ -578,8 +581,12 @@ int lh_table_insert_w_hash(struct lh_tab
+       unsigned long n;
+ 
+       if (t->count >= t->size * LH_LOAD_FACTOR)
+-              if (lh_table_resize(t, t->size * 2) != 0)
++      {
++              /* Avoid signed integer overflow with large tables. */
++              int new_size = (t->size > INT_MAX / 2) ? INT_MAX : (t->size * 2);
++              if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
+                       return -1;
++      }
+ 
+       n = h % t->size;
+ 
+--- a/printbuf.c
++++ b/printbuf.c
+@@ -15,6 +15,7 @@
+ 
+ #include "config.h"
+ 
++#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -66,9 +67,16 @@ static int printbuf_extend(struct printb
+       if (p->size >= min_size)
+               return 0;
+ 
+-      new_size = p->size * 2;
+-      if (new_size < min_size + 8)
++      /* Prevent signed integer overflows with large buffers. */
++      if (min_size > INT_MAX - 8)
++              return -1;
++      if (p->size > INT_MAX / 2)
+               new_size = min_size + 8;
++      else {
++              new_size = p->size * 2;
++              if (new_size < min_size + 8)
++                      new_size = min_size + 8;
++      }
+ #ifdef PRINTBUF_DEBUG
+       MC_DEBUG("printbuf_memappend: realloc "
+                "bpos=%d min_size=%d old_size=%d new_size=%d\n",
+@@ -83,6 +91,9 @@ static int printbuf_extend(struct printb
+ 
+ int printbuf_memappend(struct printbuf *p, const char *buf, int size)
+ {
++      /* Prevent signed integer overflows with large buffers. */
++      if (size > INT_MAX - p->bpos - 1)
++              return -1;
+       if (p->size <= p->bpos + size + 1)
+       {
+               if (printbuf_extend(p, p->bpos + size + 1) < 0)
+@@ -100,6 +111,9 @@ int printbuf_memset(struct printbuf *pb,
+ 
+       if (offset == -1)
+               offset = pb->bpos;
++      /* Prevent signed integer overflows with large buffers. */
++      if (len > INT_MAX - offset)
++              return -1;
+       size_needed = offset + len;
+       if (pb->size < size_needed)
+       {
+--- a/tests/test4.c
++++ b/tests/test4.c
+@@ -3,12 +3,15 @@
+  */
+ 
+ #include "config.h"
++#include <assert.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
+ 
+ #include "json_inttypes.h"
+ #include "json_object.h"
+ #include "json_tokener.h"
++#include "snprintf_compat.h"
+ 
+ void print_hex(const char *s)
+ {
+@@ -24,6 +27,29 @@ void print_hex(const char *s)
+       putchar('\n');
+ }
+ 
++static void test_lot_of_adds(void);
++static void test_lot_of_adds()
++{
++      int ii;
++      char key[50];
++      json_object *jobj = json_object_new_object();
++      assert(jobj != NULL);
++      for (ii = 0; ii < 500; ii++)
++      {
++              snprintf(key, sizeof(key), "k%d", ii);
++              json_object *iobj = json_object_new_int(ii);
++              assert(iobj != NULL);
++              if (json_object_object_add(jobj, key, iobj))
++              {
++                      fprintf(stderr, "FAILED to add object #%d\n", ii);
++                      abort();
++              }
++      }
++      printf("%s\n", json_object_to_json_string(jobj));
++      assert(json_object_object_length(jobj) == 500);
++      json_object_put(jobj);
++}
++
+ int main(void)
+ {
+       const char *input = "\"\\ud840\\udd26,\\ud840\\udd27,\\ud800\\udd26,\\ud800\\udd27\"";
+@@ -52,5 +78,8 @@ int main(void)
+               retval = 1;
+       }
+       json_object_put(parse_result);
++
++      test_lot_of_adds();
++
+       return retval;
+ }
+--- a/tests/test4.expected
++++ b/tests/test4.expected
+@@ -1,3 +1,4 @@
+ input: "\ud840\udd26,\ud840\udd27,\ud800\udd26,\ud800\udd27"
+ JSON parse result is correct: 𠄦,𠄧,𐄦,𐄧
+ PASS
++{ "k0": 0, "k1": 1, "k2": 2, "k3": 3, "k4": 4, "k5": 5, "k6": 6, "k7": 7, "k8": 8, "k9": 9, "k10": 10, "k11": 11, "k12": 12, "k13": 13, "k14": 14, "k15": 15, "k16": 16, "k17": 17, "k18": 18, "k19": 19, "k20": 20, "k21": 21, "k22": 22, "k23": 23, "k24": 24, "k25": 25, "k26": 26, "k27": 27, "k28": 28, "k29": 29, "k30": 30, "k31": 31, "k32": 32, "k33": 33, "k34": 34, "k35": 35, "k36": 36, "k37": 37, "k38": 38, "k39": 39, "k40": 40, "k41": 41, "k42": 42, "k43": 43, "k44": 44, "k45": 45, "k46": 46, "k47": 47, "k48": 48, "k49": 49, "k50": 50, "k51": 51, "k52": 52, "k53": 53, "k54": 54, "k55": 55, "k56": 56, "k57": 57, "k58": 58, "k59": 59, "k60": 60, "k61": 61, "k62": 62, "k63": 63, "k64": 64, "k65": 65, "k66": 66, "k67": 67, "k68": 68, "k69": 69, "k70": 70, "k71": 71, "k72": 72, "k73": 73, "k74": 74, "k75": 75, "k76": 76, "k77": 77, "k78": 78, "k79": 79, "k80": 80, "k81": 81, "k82": 82, "k83": 83, "k84": 84, "k85": 85, "k86": 86, "k87": 87, "k88": 88, "k89": 89, "k90": 90, "k91": 91, "k92": 92, "k93": 93, "k94": 94, "k95": 95, "k96": 96, "k97": 97, "k98": 98, "k99": 99, "k100": 100, "k101": 101, "k102": 102, "k103": 103, "k104": 104, "k105": 105, "k106": 106, "k107": 107, "k108": 108, "k109": 109, "k110": 110, "k111": 111, "k112": 112, "k113": 113, "k114": 114, "k115": 115, "k116": 116, "k117": 117, "k118": 118, "k119": 119, "k120": 120, "k121": 121, "k122": 122, "k123": 123, "k124": 124, "k125": 125, "k126": 126, "k127": 127, "k128": 128, "k129": 129, "k130": 130, "k131": 131, "k132": 132, "k133": 133, "k134": 134, "k135": 135, "k136": 136, "k137": 137, "k138": 138, "k139": 139, "k140": 140, "k141": 141, "k142": 142, "k143": 143, "k144": 144, "k145": 145, "k146": 146, "k147": 147, "k148": 148, "k149": 149, "k150": 150, "k151": 151, "k152": 152, "k153": 153, "k154": 154, "k155": 155, "k156": 156, "k157": 157, "k158": 158, "k159": 159, "k160": 160, "k161": 161, "k162": 162, "k163": 163, "k164": 164, "k165": 165, "k166": 166, "k167": 167, "k168": 168, "k169": 169, "k170": 170, "k171": 171, "k172": 172, "k173": 173, "k174": 174, "k175": 175, "k176": 176, "k177": 177, "k178": 178, "k179": 179, "k180": 180, "k181": 181, "k182": 182, "k183": 183, "k184": 184, "k185": 185, "k186": 186, "k187": 187, "k188": 188, "k189": 189, "k190": 190, "k191": 191, "k192": 192, "k193": 193, "k194": 194, "k195": 195, "k196": 196, "k197": 197, "k198": 198, "k199": 199, "k200": 200, "k201": 201, "k202": 202, "k203": 203, "k204": 204, "k205": 205, "k206": 206, "k207": 207, "k208": 208, "k209": 209, "k210": 210, "k211": 211, "k212": 212, "k213": 213, "k214": 214, "k215": 215, "k216": 216, "k217": 217, "k218": 218, "k219": 219, "k220": 220, "k221": 221, "k222": 222, "k223": 223, "k224": 224, "k225": 225, "k226": 226, "k227": 227, "k228": 228, "k229": 229, "k230": 230, "k231": 231, "k232": 232, "k233": 233, "k234": 234, "k235": 235, "k236": 236, "k237": 237, "k238": 238, "k239": 239, "k240": 240, "k241": 241, "k242": 242, "k243": 243, "k244": 244, "k245": 245, "k246": 246, "k247": 247, "k248": 248, "k249": 249, "k250": 250, "k251": 251, "k252": 252, "k253": 253, "k254": 254, "k255": 255, "k256": 256, "k257": 257, "k258": 258, "k259": 259, "k260": 260, "k261": 261, "k262": 262, "k263": 263, "k264": 264, "k265": 265, "k266": 266, "k267": 267, "k268": 268, "k269": 269, "k270": 270, "k271": 271, "k272": 272, "k273": 273, "k274": 274, "k275": 275, "k276": 276, "k277": 277, "k278": 278, "k279": 279, "k280": 280, "k281": 281, "k282": 282, "k283": 283, "k284": 284, "k285": 285, "k286": 286, "k287": 287, "k288": 288, "k289": 289, "k290": 290, "k291": 291, "k292": 292, "k293": 293, "k294": 294, "k295": 295, "k296": 296, "k297": 297, "k298": 298, "k299": 299, "k300": 300, "k301": 301, "k302": 302, "k303": 303, "k304": 304, "k305": 305, "k306": 306, "k307": 307, "k308": 308, "k309": 309, "k310": 310, "k311": 311, "k312": 312, "k313": 313, "k314": 314, "k315": 315, "k316": 316, "k317": 317, "k318": 318, "k319": 319, "k320": 320, "k321": 321, "k322": 322, "k323": 323, "k324": 324, "k325": 325, "k326": 326, "k327": 327, "k328": 328, "k329": 329, "k330": 330, "k331": 331, "k332": 332, "k333": 333, "k334": 334, "k335": 335, "k336": 336, "k337": 337, "k338": 338, "k339": 339, "k340": 340, "k341": 341, "k342": 342, "k343": 343, "k344": 344, "k345": 345, "k346": 346, "k347": 347, "k348": 348, "k349": 349, "k350": 350, "k351": 351, "k352": 352, "k353": 353, "k354": 354, "k355": 355, "k356": 356, "k357": 357, "k358": 358, "k359": 359, "k360": 360, "k361": 361, "k362": 362, "k363": 363, "k364": 364, "k365": 365, "k366": 366, "k367": 367, "k368": 368, "k369": 369, "k370": 370, "k371": 371, "k372": 372, "k373": 373, "k374": 374, "k375": 375, "k376": 376, "k377": 377, "k378": 378, "k379": 379, "k380": 380, "k381": 381, "k382": 382, "k383": 383, "k384": 384, "k385": 385, "k386": 386, "k387": 387, "k388": 388, "k389": 389, "k390": 390, "k391": 391, "k392": 392, "k393": 393, "k394": 394, "k395": 395, "k396": 396, "k397": 397, "k398": 398, "k399": 399, "k400": 400, "k401": 401, "k402": 402, "k403": 403, "k404": 404, "k405": 405, "k406": 406, "k407": 407, "k408": 408, "k409": 409, "k410": 410, "k411": 411, "k412": 412, "k413": 413, "k414": 414, "k415": 415, "k416": 416, "k417": 417, "k418": 418, "k419": 419, "k420": 420, "k421": 421, "k422": 422, "k423": 423, "k424": 424, "k425": 425, "k426": 426, "k427": 427, "k428": 428, "k429": 429, "k430": 430, "k431": 431, "k432": 432, "k433": 433, "k434": 434, "k435": 435, "k436": 436, "k437": 437, "k438": 438, "k439": 439, "k440": 440, "k441": 441, "k442": 442, "k443": 443, "k444": 444, "k445": 445, "k446": 446, "k447": 447, "k448": 448, "k449": 449, "k450": 450, "k451": 451, "k452": 452, "k453": 453, "k454": 454, "k455": 455, "k456": 456, "k457": 457, "k458": 458, "k459": 459, "k460": 460, "k461": 461, "k462": 462, "k463": 463, "k464": 464, "k465": 465, "k466": 466, "k467": 467, "k468": 468, "k469": 469, "k470": 470, "k471": 471, "k472": 472, "k473": 473, "k474": 474, "k475": 475, "k476": 476, "k477": 477, "k478": 478, "k479": 479, "k480": 480, "k481": 481, "k482": 482, "k483": 483, "k484": 484, "k485": 485, "k486": 486, "k487": 487, "k488": 488, "k489": 489, "k490": 490, "k491": 491, "k492": 492, "k493": 493, "k494": 494, "k495": 495, "k496": 496, "k497": 497, "k498": 498, "k499": 499 }

diff --git a/package/libs/libjson-c/patches/001-Protect-array_list_del_idx-against-size_t-overflow.patch b/package/libs/libjson-c/patches/001-Protect-array_list_del_idx-against-size_t-overflow.patch
deleted file mode 100644 (file)
index 456fbf3..0000000
--- a/package/libs/libjson-c/patches/001-Protect-array_list_del_idx-against-size_t-overflow.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 099016b7e8d70a6d5dd814e788bba08d33d48426 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Mon, 4 May 2020 19:41:16 +0200
-Subject: [PATCH 1/2] Protect array_list_del_idx against size_t overflow.
-
-If the assignment of stop overflows due to idx and count being
-larger than SIZE_T_MAX in sum, out of boundary access could happen.
-
-It takes invalid usage of this function for this to happen, but
-I decided to add this check so array_list_del_idx is as safe against
-bad usage as the other arraylist functions.
----
- arraylist.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/arraylist.c
-+++ b/arraylist.c
-@@ -135,6 +135,9 @@ array_list_del_idx( struct array_list *a
- {
-       size_t i, stop;
- 
-+      /* Avoid overflow in calculation with large indices. */
-+      if (idx > SIZE_T_MAX - count)
-+              return -1;
-       stop = idx + count;
-       if ( idx >= arr->length || stop > arr->length ) return -1;
-       for ( i = idx; i < stop; ++i ) {

diff --git a/package/libs/libjson-c/patches/002-Prevent-division-by-zero-in-linkhash.patch b/package/libs/libjson-c/patches/002-Prevent-division-by-zero-in-linkhash.patch
deleted file mode 100644 (file)
index d37fe58..0000000
--- a/package/libs/libjson-c/patches/002-Prevent-division-by-zero-in-linkhash.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 77d935b7ae7871a1940cd827e850e6063044ec45 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Mon, 4 May 2020 19:46:45 +0200
-Subject: [PATCH 2/2] Prevent division by zero in linkhash.
-
-If a linkhash with a size of zero is created, then modulo operations
-are prone to division by zero operations.
-
-Purely protective measure against bad usage.
----
- linkhash.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/linkhash.c
-+++ b/linkhash.c
-@@ -12,6 +12,7 @@
- 
- #include "config.h"
- 
-+#include <assert.h>
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
-@@ -498,6 +499,8 @@ struct lh_table* lh_table_new(int size,
-       int i;
-       struct lh_table *t;
- 
-+  /* Allocate space for elements to avoid divisions by zero. */
-+  assert(size > 0);
-       t = (struct lh_table*)calloc(1, sizeof(struct lh_table));
-       if (!t)
-               return NULL;

diff --git a/package/libs/libjson-c/patches/003-Fix-integer-overflows.patch b/package/libs/libjson-c/patches/003-Fix-integer-overflows.patch
deleted file mode 100644 (file)
index 2fac62d..0000000
--- a/package/libs/libjson-c/patches/003-Fix-integer-overflows.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From d07b91014986900a3a75f306d302e13e005e9d67 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Mon, 4 May 2020 19:47:25 +0200
-Subject: [PATCH] Fix integer overflows.
-
-The data structures linkhash and printbuf are limited to 2 GB in size
-due to a signed integer being used to track their current size.
-
-If too much data is added, then size variable can overflow, which is
-an undefined behaviour in C programming language.
-
-Assuming that a signed int overflow just leads to a negative value,
-like it happens on many sytems (Linux i686/amd64 with gcc), then
-printbuf is vulnerable to an out of boundary write on 64 bit systems.
----
- linkhash.c |  7 +++++--
- printbuf.c | 19 ++++++++++++++++---
- 2 files changed, 21 insertions(+), 5 deletions(-)
-
---- a/linkhash.c
-+++ b/linkhash.c
-@@ -579,9 +579,12 @@ int lh_table_insert_w_hash(struct lh_tab
- {
-       unsigned long n;
- 
--      if (t->count >= t->size * LH_LOAD_FACTOR)
--              if (lh_table_resize(t, t->size * 2) != 0)
-+      if (t->count >= t->size * LH_LOAD_FACTOR) {
-+              /* Avoid signed integer overflow with large tables. */
-+              int new_size = INT_MAX / 2 < t->size ? t->size * 2 : INT_MAX;
-+              if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
-                       return -1;
-+      }
- 
-       n = h % t->size;
- 
---- a/printbuf.c
-+++ b/printbuf.c
-@@ -15,6 +15,7 @@
- 
- #include "config.h"
- 
-+#include <limits.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -65,9 +66,16 @@ static int printbuf_extend(struct printb
-       if (p->size >= min_size)
-               return 0;
- 
--      new_size = p->size * 2;
--      if (new_size < min_size + 8)
--              new_size =  min_size + 8;
-+      /* Prevent signed integer overflows with large buffers. */
-+  if (min_size > INT_MAX - 8)
-+    return -1;
-+  if (p->size > INT_MAX / 2)
-+    new_size = min_size + 8;
-+  else {
-+    new_size = p->size * 2;
-+    if (new_size < min_size + 8)
-+      new_size = min_size + 8;
-+  }
- #ifdef PRINTBUF_DEBUG
-       MC_DEBUG("printbuf_memappend: realloc "
-         "bpos=%d min_size=%d old_size=%d new_size=%d\n",
-@@ -82,6 +90,9 @@ static int printbuf_extend(struct printb
- 
- int printbuf_memappend(struct printbuf *p, const char *buf, int size)
- {
-+  /* Prevent signed integer overflows with large buffers. */
-+  if (size > INT_MAX - p->bpos - 1)
-+    return -1;
-   if (p->size <= p->bpos + size + 1) {
-     if (printbuf_extend(p, p->bpos + size + 1) < 0)
-       return -1;
-@@ -98,6 +109,9 @@ int printbuf_memset(struct printbuf *pb,
- 
-       if (offset == -1)
-               offset = pb->bpos;
-+      /* Prevent signed integer overflows with large buffers. */
-+      if (len > INT_MAX - offset)
-+              return -1;
-       size_needed = offset + len;
-       if (pb->size < size_needed)
-       {

diff --git a/package/libs/libjson-c/patches/004-Issue-599-Fix-the-backwards-check-in-lh_table_insert.patch b/package/libs/libjson-c/patches/004-Issue-599-Fix-the-backwards-check-in-lh_table_insert.patch
deleted file mode 100644 (file)
index aed6918..0000000
--- a/package/libs/libjson-c/patches/004-Issue-599-Fix-the-backwards-check-in-lh_table_insert.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 519dfe1591d85432986f9762d41d1a883198c157 Mon Sep 17 00:00:00 2001
-From: Eric Haszlakiewicz <erh+git@nimenees.com>
-Date: Sun, 10 May 2020 03:32:19 +0000
-Subject: [PATCH] Issue #599: Fix the backwards check in
- lh_table_insert_w_hash() that was preventing adding more than 11 objects. Add
- a test to check for this too.
-
----
- linkhash.c           |  2 +-
- tests/test4.c        | 29 +++++++++++++++++++++++++++++
- tests/test4.expected |  1 +
- 3 files changed, 31 insertions(+), 1 deletion(-)
-
-diff --git a/linkhash.c b/linkhash.c
-index 51e90b1..f930efd 100644
---- a/linkhash.c
-+++ b/linkhash.c
-@@ -582,7 +582,7 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con
- 
-       if (t->count >= t->size * LH_LOAD_FACTOR) {
-               /* Avoid signed integer overflow with large tables. */
--              int new_size = INT_MAX / 2 < t->size ? t->size * 2 : INT_MAX;
-+              int new_size = (t->size > INT_MAX / 2) ? INT_MAX : (t->size * 2);
-               if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
-                       return -1;
-       }
--- 
-2.26.2
-