st has added 2682712985
Fixed stack overflow on RPM with 121 008 objects
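--- /dev/null
+++ b/rpm-5.4.10-trigtrans_avoid_alloca_as_stack_overflows.patch
@@ -0,0 +1,76 @@
+diff -pNaur rpm-rosa.orig/lib/psm.c rpm-rosa/lib/psm.c
+--- rpm-rosa.orig/lib/psm.c	2017-12-06 16:44:00.000000000 +1000
++++ rpm-rosa/lib/psm.c	2017-12-06 19:17:32.499534079 +1000
+@@ -1904,7 +1904,8 @@ static rpmRC runScriptTriggersLoop(rpmps
+     rpmfi fi = NULL;
+     rpmds sourceDs = memset(alloca(sizeof(*sourceDs)), 0, sizeof(*sourceDs));
+     char * depName = NULL;
+-    char * evr;
++    char * evr = NULL;
++    char * evr_allocated = NULL;
+     char * ptr = NULL;
+     ARGI_t instances = NULL;
+     rpmmi mi;
+@@ -1920,15 +1921,26 @@ static rpmRC runScriptTriggersLoop(rpmps
+     else
+ 	n = ts->orderCount;
+ 
+-    evr = memset(alloca(n * 64 * sizeof(*evr)), 0, n * 64 * sizeof(*evr));
+-    ptr = evr;
+     sourceDs->tagN = tagno;
+     sourceDs->Type = tagName(tagno);
+     sourceDs->Count = n;
+     sourceDs->i = -1;
+-    sourceDs->N = memset(alloca(n * sizeof(*sourceDs->N)), 0, n * sizeof(*sourceDs->N));
+-    sourceDs->EVR = memset(alloca(n * sizeof(*sourceDs->EVR)), 0, n * sizeof(*sourceDs->EVR));
+-    sourceDs->Flags = (evrFlags *) memset(alloca(n * sizeof(*sourceDs->Flags)), 0, n * sizeof(*sourceDs->Flags));
++
++    /* Avoid stack allocation as it overflows */
++    rc = RPMRC_FAIL;
++    ptr = evr = evr_allocated = calloc(n * 64, sizeof(*evr));
++    if (!evr_allocated)
++	goto exit_free;
++    sourceDs->N = calloc(n, sizeof(*sourceDs->N));
++    if (!sourceDs->N)
++	goto exit_free;
++    sourceDs->EVR = calloc(n, sizeof(*sourceDs->EVR));
++    if (!sourceDs->EVR)
++	goto exit_free;
++    sourceDs->Flags = calloc(n, sizeof(*sourceDs->Flags));
++    if (!sourceDs->Flags)
++	goto exit_free;
++    rc = RPMRC_OK;
+ 
+     pi = rpmtsiInit(ts);
+     while ((p = rpmtsiNext(pi, psm->goal == PSM_PKGINSTALL ? TR_ADDED : TR_REMOVED)) != NULL) {
+@@ -1957,7 +1969,7 @@ static rpmRC runScriptTriggersLoop(rpmps
+     pi = rpmtsiFree(pi);
+ 
+     if (sourceDs->i == -1)
+-	return rc;
++	goto exit_free;
+ 
+     /* Fire elements against rpmdb trigger strings. */
+     for(sourceDs->i = 0; sourceDs->i < (int)sourceDs->Count; sourceDs->i++) {
+@@ -1968,7 +1980,7 @@ static rpmRC runScriptTriggersLoop(rpmps
+ 
+ 
+ 	if (!depName || !*depName)
+-	    return rc;
++	    goto exit_free;
+ 
+ 	if (_psm_debug)
+ 	    rpmlog(RPMLOG_DEBUG, "--> %s:%d depName: %s tagno: %d ix: %d\n", __FUNCTION__, __LINE__, depName, tagno, sourceDs->i);
+@@ -2014,6 +2026,12 @@ static rpmRC runScriptTriggersLoop(rpmps
+ 
+     instances = argiFree(instances);
+ 
++exit_free:
++    free(sourceDs->Flags);
++    free(sourceDs->EVR);
++    free(sourceDs->N);
++    free(evr_allocated);
++
+     return rc;
+ }
+ 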
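Review bot: In the second psm.c hunk, `calloc(n * 64, sizeof(*evr))` computes `n * 64` in n's own type before the call, so calloc's internal overflow check never sees that product; writing it as `calloc(n, 64 * sizeof(*evr))` gives the same size and lets calloc reject a wrapped count. If n can be 0 here, calloc is allowed to return NULL and the function would now return RPMRC_FAIL where the alloca version carried on to the `sourceDs->i == -1` exit, so an `n == 0` guard before the allocations is worth considering. The `exit_free:` label also sits after `instances = argiFree(instances);`, so the `goto` taken from inside the loop on an empty depName still skips that call, as the old `return rc` did; moving the label above it would cover that path, assuming argiFree accepts NULL. The declaration of n, the initial value of rc and the writes through `ptr` into the 64-byte slots all lie outside the hunks shown, so these points need checking against the full function.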
... ... --- a/rpm.spec
... ... +++ b/rpm.spec
... ... @@ -61,7 +61,7 @@ Summary: The RPM package management system
61 61
Name:		rpm
62 62
Epoch:		1
63 63
Version:	%{libver}.%{minorver}
64
Release:	%{?prereldate:0.%{prereldate}.}76
64
Release:	%{?prereldate:0.%{prereldate}.}77
65 65
License:	LGPLv2.1+
66 66
Group:		System/Configuration/Packaging
67 67
Url:		http://rpm5.org/
... ... @@ -476,6 +476,9 @@ Patch219: rpm-5.4.14-rubygems2-support.patch
476 476
Patch220:	rpm-5.4.14-fix-dependency-generation-when-ruby_version-is-empty.patch
477 477
Patch221:	rpm-5.4.14-rubygems2.2-support.patch
478 478
479
# alloca fails with 121 008 objects
480
Patch222:	rpm-5.4.10-trigtrans_avoid_alloca_as_stack_overflows.patch
481
479 482
# ROSA stuff
480 483
Patch501:	rpm-5.3.12.vendor.ROSA.patch
481 484
# Restore RPM_PACKAGE_NAME export as it's still used by aot-compile-rpm
... ... @@ -1170,6 +1173,8 @@ This package contains the RPM API documentation generated in HTML format.
1173 1173
%patch220 -p1 -b .no_ruby_version~
1174 1174
%patch221 -p1 -b .rubygems2.2~
1175 1175
1176
%patch222 -p1 -b .trigtrans-fix-alloca~
1177
1176 1178
%patch501 -p1 -b .rosa_vendor~
1177 1179
%patch502 -p1 -b .package_name~
1178 1180
%patch503 -p1 -b .specspo~
