Brennan Vincent <bren...@umanwizard.com> writes:

> FWIW, if you prefer, rather than the patch attached earlier, this is
> how upstream did it:

Thanks Brennan for pointing out the problem and sending the patches. A
complete patch for the ports tree should include a revision bump and
also be included in the patches directory. I attached the combined
result below in case Anton decides to apply or OK it.

A bigger question is if something else should be done.  Memory safety is
an obvious problem to worry about especially in the context where the
selection may not be fully trusted. So, should we pick up a few more
patches from upstream: https://github.com/kfish/xsel/commits/master ?

Trouble is they have a multiple-year-old issue pending to roll a release
with no activity beyond people asking for status:
https://github.com/kfish/xsel/issues/28

diff --git a/x11/xsel/Makefile b/x11/xsel/Makefile
index f68ff697609..fcce704534a 100644
--- a/x11/xsel/Makefile
+++ b/x11/xsel/Makefile
@@ -3,7 +3,7 @@
 COMMENT=	command-line program for managing X selection contents
 
 DISTNAME=	xsel-1.2.0
-REVISION=	2
+REVISION=	3
 CATEGORIES=	x11
 HOMEPAGE=	http://www.vergenet.net/~conrad/software/xsel/
 
diff --git a/x11/xsel/patches/patch-xsel_c b/x11/xsel/patches/patch-xsel_c
index 0a6b2018bc6..558a24b363e 100644
--- a/x11/xsel/patches/patch-xsel_c
+++ b/x11/xsel/patches/patch-xsel_c
@@ -3,9 +3,11 @@ $OpenBSD: patch-xsel_c,v 1.2 2014/07/07 08:25:16 sthen Exp $
 - Format "32" properties use "long", not "int", even on LP64 platforms.
 - ensure NUM_TARGETS does not exceed MAX_NUM_TARGETS.
 - plug a memory leak in handle_targets()
+- avoid crash on empty input (c760ace62ac4fe1cf65d88475d5939c1aa360d6b upstream)
 
---- xsel.c.orig	Mon Jun 30 00:10:19 2014
-+++ xsel.c	Mon Jun 30 00:20:50 2014
+Index: xsel.c
+--- xsel.c.orig
++++ xsel.c
 @@ -15,6 +15,7 @@
  #include "config.h"
  #endif
@@ -14,6 +16,15 @@ $OpenBSD: patch-xsel_c,v 1.2 2014/07/07 08:25:16 sthen Exp $
  #include <stdio.h>
  #include <stdlib.h>
  #include <stdarg.h>
+@@ -854,7 +855,7 @@ initialise_read (unsigned char * read_buffer)
+   int insize = in_statbuf.st_blksize;
+   unsigned char * new_buffer = NULL;
+ 
+-  if (S_ISREG (in_statbuf.st_mode)) {
++  if (S_ISREG (in_statbuf.st_mode) && in_statbuf.st_size > 0) {
+     current_alloc += in_statbuf.st_size;
+   } else {
+     current_alloc += insize;
 @@ -1300,14 +1301,16 @@ handle_targets (Display * display, Window requestor, A
                  Atom selection, Time time, MultTrack * mparent)
  {

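Review bot: In the nested initialise_read hunk, the new test `in_statbuf.st_size > 0` only diverts the empty-file case to the `st_blksize` branch; for every positive size, `current_alloc += in_statbuf.st_size;` still adds the file size with no upper bound. The declaration of current_alloc and the code that consumes it are outside the visible context, so please confirm that its type can hold an st_size value without truncation or wraparound, given that the selection input may not be fully trusted. A one-line comment above the condition saying why an empty regular file must take the block-size path would also help the next person who regenerates this patch.
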