Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Unverified Commit 986458ff authored Feb 03, 2024 by Vladimír Čunát

Merge #260710: zip: fix buffer overflow on Unicode path names

...into staging

parents 59682b44 dc0f09a4

pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch

0 → 100644

+12 −0

Original line number	Diff line number	Diff line
		diff -urp zip30/fileio.c zip30/fileio.c
		--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300
		+++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300
		@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin
		if ((wc_string = (wchar_t )malloc((wsize + 1) sizeof(wchar_t))) == NULL) {
		ZIPERR(ZE_MEM, "local_to_wide_string");
		}
		- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1);
		+ wsize = mbstowcs(wc_string, local_string, wsize + 1);
		wc_string[wsize] = (wchar_t) 0;

		/* in case wchar_t is not zwchar */

pkgs/tools/archivers/zip/default.nix

+3 −0

Original line number	Diff line number	Diff line
		@@ -33,6 +33,9 @@ stdenv.mkDerivation rec {
		./fix-memset-detection.patch
		# Implicit declaration of `closedir` and `opendir` cause dirent detection to fail with clang 16.
		./fix-implicit-declarations.patch
		# Buffer overflow on Unicode characters in path names
		# https://bugzilla.redhat.com/show_bug.cgi?id=2165653
		./buffer-overflow-on-utf8-rh-bug-2165653.patch
		] ++ lib.optionals (enableNLS && !stdenv.isCygwin) [ ./natspec-gentoo.patch.bz2 ];

		buildInputs = lib.optional enableNLS libnatspec