upstream/553321-ansi-escape-segfault.patch: prevent mutt from segfaulting with large...

author Antonio Radici <antonio@dyne.org>

Sun, 31 Jan 2010 15:24:41 +0000 (15:24 +0000)

committer Antonio Radici <antonio@dyne.org>

Sun, 31 Jan 2010 15:24:41 +0000 (15:24 +0000)
author Antonio Radici <antonio@dyne.org>
Sun, 31 Jan 2010 15:24:41 +0000 (15:24 +0000)
committer Antonio Radici <antonio@dyne.org>
Sun, 31 Jan 2010 15:24:41 +0000 (15:24 +0000)
diff --git a/debian/changelog b/debian/changelog

index 6923b3933f3593f07466e26e2902f87acf8678e7..bc98d6610f9df4463c56ba1ef62125587a9839f8 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ mutt (1.5.20-7) unstable; urgency=low
    * debian/patches:
      + upstream/548494-swedish-intl.patch: fixes to Swedish translation 
        (Closes: 548494)
    * debian/patches:
      + upstream/548494-swedish-intl.patch: fixes to Swedish translation 
        (Closes: 548494)
+    + upstream/553321-ansi-escape-segfault.patch: prevent mutt from segfaulting
+      with large ASCII escape sequences (Closes: 553321)
    * debian/control: 
      + bumping Standards-Version to 3.8.4, nothing to be done
      + adding ${misc:Depends} to make lintian happy
    * debian/control: 
      + bumping Standards-Version to 3.8.4, nothing to be done
      + adding ${misc:Depends} to make lintian happy
diff --git a/debian/patches/series b/debian/patches/series

index 67b4dd010b92d7c3be50c36d7cb7c3b2c19affd5..2257aa73f95c85ff6d64dc05b354a6771c849d6e 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -51,6 +51,7 @@ upstream/544794-smtp-batch.patch
  upstream/537694-segv-imap-headers.patch
  upstream/548577-gpgme-1.2.patch
  upstream/548494-swedish-intl.patch
  upstream/537694-segv-imap-headers.patch
  upstream/548577-gpgme-1.2.patch
  upstream/548494-swedish-intl.patch
+upstream/553321-ansi-escape-segfault.patch
  
  misc/hyphen-as-minus.patch
  #misc/manpage-typos.patch
  
  misc/hyphen-as-minus.patch
  #misc/manpage-typos.patch
diff --git a/debian/patches/upstream/553321-ansi-escape-segfault.patch b/debian/patches/upstream/553321-ansi-escape-segfault.patch

new file mode 100644 (file)

index 0000000..85a8788
--- /dev/null
+++ b/debian/patches/upstream/553321-ansi-escape-segfault.patch
@@ -0,0 +1,17 @@
+This patch prevents mutt from crashing when *buf is freed, the root cause is the
+fact that an adjacent memory segment (*fmt) overruns and overwrite prev_size
+field in the heap.
+
+The bug and the patch were forwarded upstream, see http://bugs.mutt.org/3371
+
+--- a/pager.c
++++ b/pager.c
+@@ -1028,7 +1028,7 @@
+     q = *fmt;
+     while (*p)
+     {
+-      if (*p == '\010' && (p > *buf))
++      if (*p == '\010' && (p > *buf) && (q > *fmt))
+       {
+       if (*(p+1) == '_')      /* underline */
+         p += 2;
author	Antonio Radici <antonio@dyne.org>
	Sun, 31 Jan 2010 15:24:41 +0000 (15:24 +0000)
committer	Antonio Radici <antonio@dyne.org>
	Sun, 31 Jan 2010 15:24:41 +0000 (15:24 +0000)
debian/changelog		patch \| blob \| history
debian/patches/series		patch \| blob \| history
debian/patches/upstream/553321-ansi-escape-segfault.patch	[new file with mode: 0644]	patch \| blob