gnu/packages/patches/plib-CVE-2012-4552.patch

   1 https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff
   2
   3 diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx
   4 --- plib-1.8.5/src/ssg/ssgParser.cxx~   2008-03-11 03:06:23.000000000 +0100
   5 +++ plib-1.8.5/src/ssg/ssgParser.cxx    2012-11-01 15:33:12.424483374 +0100
   6 @@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
   7    char msgbuff[ 255 ];
   8    va_list argp;
   9
  10 -  char* msgptr = msgbuff;
  11 -  if (linenum)
  12 -  {
  13 -    msgptr += sprintf ( msgptr,"%s, line %d: ",
  14 -      path, linenum );
  15 -  }
  16 -
  17    va_start( argp, format );
  18 -  vsprintf( msgptr, format, argp );
  19 +  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
  20    va_end( argp );
  21
  22 -  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
  23 +  if (linenum)
  24 +  {
  25 +    ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
  26 +  } else {
  27 +    ulSetError ( UL_WARNING, "%s", msgbuff ) ;
  28 +  }
  29  }
  30
  31
  32 @@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
  33    char msgbuff[ 255 ];
  34    va_list argp;
  35
  36 -  char* msgptr = msgbuff;
  37 -  if (linenum)
  38 -  {
  39 -    msgptr += sprintf ( msgptr,"%s, line %d: ",
  40 -      path, linenum );
  41 -  }
  42 -
  43    va_start( argp, format );
  44 -  vsprintf( msgptr, format, argp );
  45 +  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
  46    va_end( argp );
  47
  48 -  ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
  49 +  if (linenum)
  50 +  {
  51 +    ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
  52 +  } else {
  53 +    ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
  54 +  }
  55  }
  56
  57  // Opens the file and does a few internal calculations based on the spec.