Commit Graph

35 Commits (68e3f24000726b72757ff19bef5a7837f4c08d94)

Author SHA1 Message Date
Taylor R Campbell 212c85863a Avoid undefined behaviour with the ctype(3) functions.
fix https://github.com/pkgconf/pkgconf/issues/291

As defined in the C standard:

        In all cases the argument is an int, the value of which shall
        be representable as an unsigned char or shall equal the value
        of the macro EOF.  If the argument has any other value, the
        behavior is undefined.

This is because they're designed to work with the int values returned
by getc or fgetc; they need extra work to handle a char value.

If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed
inputs to the ctype(3) functions are:

        {-1, 0, 1, 2, 3, ..., 255}.

However, on platforms where char is signed, such as x86 with the
usual ABI, code like

        char *ptr = ...;
        ... isspace(*ptr) ...

may pass in values in the range:

        {-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}.

This has two problems:

1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden.

2. The non-EOF byte 0xff is conflated with the value EOF = -1, so
   even though the input is not forbidden, it may give the wrong
   answer.

Casting char to unsigned int first before passing the result to
ctype(3) doesn't help: inputs like -128 are unchanged by this cast,
because (on a two's-complement machine with 32-bit int and unsigned
int), converting the signed char with integer value -128 to unsigned
int gives integer value 2^32 - 128 = 0xffffff80, which is out of
range, and which is converted in int back to -128, which is also out
of range.

It is necessary to cast char inputs to unsigned char first; you can
then cast to unsigned int if you like but there's no need because the
functions will always convert the argument to int by definition.  So
the above fragment needs to be:

        char *ptr = ...;
        ... isspace((unsigned char)*ptr) ...

This patch changes unsigned int casts to unsigned char casts, and
adds unsigned char casts where they are missing.
2023-05-02 11:43:56 -07:00
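An added example (not part of the commit or of pkgconf) that works through the three conversions the message compares for a signed char holding 0x80 or 0xff, and shows the `(unsigned char)` wrapper applied to a constructed byte string containing both bytes:

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>

/* Safe wrappers: converting through unsigned char keeps the argument in
 * [0, UCHAR_MAX], so it is never negative and never collides with EOF. */
static int safe_isspace(char c) { return isspace((unsigned char)c); }
static int safe_isalnum(char c) { return isalnum((unsigned char)c); }

/* The three conversions discussed in the commit message, for one byte. */
struct conversions {
    int as_int;            /* plain promotion: negative when char is signed */
    unsigned int as_uint;  /* (unsigned int) cast: wraps mod 2^32, still out of range */
    int as_uchar;          /* (unsigned char) cast: always 0..255, the valid choice */
};

static struct conversions convert(char c)
{
    struct conversions r;
    r.as_int   = c;
    r.as_uint  = (unsigned int)c;
    r.as_uchar = (unsigned char)c;
    return r;
}

/* Count whitespace bytes using the safe wrapper. On a signed-char ABI the
 * 0xff byte would otherwise be passed to isspace() as -1, i.e. as EOF. */
static size_t count_spaces(const char *s, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (safe_isspace(s[i]))
            count++;
    return count;
}

/* Constructed sample line containing the 0xff and 0x80 bytes. */
static const char sample[] = "Requires: x \xff\x80 >= 1.0";

static size_t sample_space_count(void)
{
    return count_spaces(sample, sizeof sample - 1);
}
```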
Dylan Baker 34b110200a dependency: zero list after freeing 2022-08-04 15:52:10 -07:00
Dylan Baker e71a5a3370 dependency: add debug information for dependency refcounting 2022-08-04 15:52:10 -07:00
Dylan Baker 4a1119aa2a dependency: Fix reference counting of dependency_addraw
We only want a reference to be added for the value inserted into the
list, not the one returned. The returned one is unowned until it reaches
the public dependency_add function, which returns an owned pointer
instead. This makes things semantically more correct.

Unfortunately, this means in a few cases we have to write some ugly
code like:
```c
pkgconf_dependency_t *dep = pkgconf_dependency_add("args");
pkgconf_dependency_unref(dep->owner, dep);
```
2022-08-04 15:52:10 -07:00
Ariadne Conill 297e18f2c8 tuple: add flags parameter to pkgconf_tuple_parse 2022-07-26 17:08:48 +00:00
Ariadne Conill 197fcadd4c queue: add flattening code 2022-06-26 15:02:37 +00:00
Ariadne Conill 7d8cc1e4ce dependency: add pkgconf_dependency_copy() 2021-10-06 13:13:34 -06:00
Ariadne Conill c547edd07f deconst the client on pkgconf_dependency_add() 2021-10-06 11:52:18 -06:00
Ariadne Conill 4144d506bb implement dependency refcounting 2021-10-06 11:48:37 -06:00
Ariadne Conill 8130dd159e dependency: add pkgconf_dependency_free_one 2021-10-06 11:29:18 -06:00
Ariadne Conill df1b671c83 dependency: use dependency match owner with pkgconf_pkg_unref() 2021-08-17 15:18:47 -06:00
Tobias Stoeckmann fb9acedcad libpkgconf: dependency: fix out of boundary write
It is possible to trigger an out of boundary write in function
pkgconf_dependency_parse_str if a dependency line contains a very
long comparator. The comparator is stored in a temporary buffer which
has a size of PKGCONF_ITEM_SIZE.

The line which is parsed can be up to PKGCONF_BUFSIZE characters long,
which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX).

Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore
leads to an out of boundary write. Although it is undefined behaviour,
this can lead to an overridden compare variable, which in turn can lead
to an invalid instruction pointer, i.e. most likely a crash or code
execution (very unlikely).

Proof of concept:

$ echo "Requires: x " > poc.pc
$ dd if=/dev/zero bs=1 count=65535 | tr '\0' '<' >> poc.pc
$ pkgconf poc.pc

Either compile pkgconf with address sanitizer or run pkgconf multiple
times; eventually it might crash (assuming that ASLR is in place).

In order to fix this, I decided to use an end pointer to avoid the OOB write.
An alternative would be to increase the buffer size, but I try to avoid that
since this would be an additional ~60 KB of stack space for a very unlikely
situation.
2020-05-26 14:03:55 -06:00
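An added example (not pkgconf's own code) of the end-pointer technique the message describes: the comparator run is copied into a fixed item buffer only while there is room, so an over-long run is truncated instead of written past the end. `ITEM_SIZE` is a small stand-in for PKGCONF_ITEM_SIZE and the dependency lines are constructed.

```c
#include <stddef.h>
#include <string.h>

#define ITEM_SIZE 8   /* stand-in for PKGCONF_ITEM_SIZE; the real value is larger */

/* Copy the run of comparator characters ('<', '>', '=', '!') at *src into
 * buf. 'end' marks the last writable slot (keeping room for the NUL), so
 * the write can never leave buf even when the run is longer than bufsize.
 * Returns how many comparator characters were consumed from the input. */
static size_t copy_comparator(const char **src, char *buf, size_t bufsize)
{
    char *ptr = buf;
    char *end = buf + bufsize - 1;
    const char *p = *src;
    size_t consumed = 0;

    while (*p == '<' || *p == '>' || *p == '=' || *p == '!') {
        if (ptr < end)
            *ptr++ = *p;   /* store only while there is room */
        p++;               /* but always advance past the run */
        consumed++;
    }
    *ptr = '\0';
    *src = p;
    return consumed;
}

/* Parse a line such as "x >= 1.0": skip the dependency name and the
 * following blanks, then extract the comparator into buf. */
static size_t parse_comparator(const char *line, char *buf, size_t bufsize)
{
    const char *p = line;
    while (*p && *p != ' ')
        p++;
    while (*p == ' ')
        p++;
    return copy_comparator(&p, buf, bufsize);
}

/* Self-check: parse into a buffer guarded by a sentinel byte and report
 * whether the sentinel survived (1) or was overwritten (0). */
static int sentinel_intact(const char *line, size_t *stored_len)
{
    char guarded[ITEM_SIZE + 1];
    guarded[ITEM_SIZE] = 'X';
    parse_comparator(line, guarded, ITEM_SIZE);
    *stored_len = strlen(guarded);
    return guarded[ITEM_SIZE] == 'X';
}
```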
William Pitcock 3f753fa3dd libpkgconf: dependency: preference uncoloured nodes in event of a dependency collision 2018-03-18 19:03:18 -05:00
William Pitcock ad65bc4a71 libpkgconf: dependency: allow dependency nodes to be colored with traits 2018-03-18 18:03:33 -05:00
William Pitcock 74d58d1b63 libpkgconf: pkg: cache solutions for already solved dependency graph nodes
in almost all cases, we partially solve the dependency graph multiple times, which
just wastes resources.  if we record the solution to a given dependency node, further
iterations can make use of the previous solution without having to solve it again.

this is safe because all provides entries (including virtuals) are knowable prior to
solving the dependency graph the first time.

a nice side effect of this is that all packages are preloaded when querying
information about them (--cflags and related commands).
2017-12-05 17:34:01 -06:00
William Pitcock 4589274c43 libpkgconf: start to remove PKGCONF_BUFSIZE allocations from the stack. (closes #149)
Patch by Karen Arutyunov.
2017-10-16 12:56:19 -05:00
William Pitcock e9fd43caa7 libpkgconf: clean up header includes (closes #137) 2017-09-17 23:38:25 -05:00
William Pitcock 1252d7ae6a libpkgconf: dependency: make dependency_to_str() private, use a caller-supplied buffer for reentrancy 2017-09-08 19:53:52 -05:00
William Pitcock 794443a92a dependency: break API to add tracepoints to dependency list building 2017-02-25 16:04:55 -06:00
Igor Gnatenko 5db87c9685 remove dead assignments (#109)
* remove dead assignments

None of them are used.

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>

* The address of an object "&pkgconf_pkg_provides_vermatch_rules[pkgdep->compare]" is never null

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>

* Overrunning array pkgconf_pkg_comparator_names at element index 7

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2017-01-22 11:31:34 -08:00
William Pitcock af503f210a libpkgconf: document dependency module 2016-12-10 19:57:26 -06:00
William Pitcock 8213d91038 libpkgconf: migrate to using the pkgconf_ namespaced strlcat/strlcpy symbols 2016-12-10 16:19:40 -06:00
William Pitcock 8740c5cd55 libpkgconf: begin removing global state from libpkgconf library by introducing a "client" object which holds the state 2016-12-01 15:05:03 -06:00
William Pitcock d72ece6a5f dependency: add pkgconf_dependency_add for programmatically adding a dependency object 2016-08-26 23:40:15 -05:00
Baptiste Daroussin cb83dab4ad More casting for ctype 2015-12-02 14:59:51 +01:00
William Pitcock 2f4f68fb62 libpkgconf: dependency: remove some dead debug code 2015-09-06 11:50:29 -05:00
William Pitcock 50cf8db086 libpkgconf: clean up PKG_MODULE_SEPARATOR() and PKG_OPERATOR_CHAR() macros 2015-09-06 11:39:55 -05:00
William Pitcock dd86ba43dd libpkgconf: PKG_ comparators become PKGCONF_CMP_ namespace 2015-09-06 11:34:09 -05:00
William Pitcock 571d9c756c libpkgconf: PKG_BUFSIZE becomes PKGCONF_BUFSIZE, remove unused PKG_MIN/PKG_MAX. 2015-09-06 11:29:56 -05:00
William Pitcock ca1b02659a libpkgconf: untangle remaining pkg_ functions related to pkgconf_pkg_t 2015-09-06 11:20:48 -05:00
William Pitcock 66247fae5f libpkgconf: pkg_comparator_t becomes pkgconf_pkg_comparator_t (and so on) 2015-09-06 10:57:26 -05:00
William Pitcock 4c71b25d5d libpkgconf: move pkg_tuple to pkgconf_tuple namespace 2015-09-06 10:41:40 -05:00
William Pitcock 1ee18d0e69 libpkgconf: move pkg_dependency to pkgconf_dependency namespace 2015-09-06 10:38:30 -05:00
William Pitcock cc2dcc1f5d libpkgconf: move pkg_node and pkg_list to pkgconf_node and pkgconf_list namespaces 2015-09-06 10:31:21 -05:00
William Pitcock a706b3dccc initial libtoolization for libpkgconf 2015-09-06 09:35:08 -05:00