Merge ~pushkarnk/ubuntu/+source/wiredtiger:fix-buffer-oflow into ubuntu/+source/wiredtiger:ubuntu/devel

Proposed by Pushkar Kulkarni
Status: Needs review
Proposed branch: ~pushkarnk/ubuntu/+source/wiredtiger:fix-buffer-oflow
Merge into: ubuntu/+source/wiredtiger:ubuntu/devel
Diff against target: 62 lines (+41/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/fix_buffer_overflow.patch (+33/-0)
debian/patches/series (+1/-0)
Reviewer | Review Type | Date Requested | Status
Lukas Märdian (community) | | | Approve
git-ubuntu import | | | Pending
Review via email: mp+468239@code.launchpad.net
6110b59... by Pushkar Kulkarni

Fix buffer overflows in ex_async.c

c9fd54b... by Pushkar Kulkarni

update changelog

Lukas Märdian (slyon) wrote :

LGTM. I was wondering about the "Forwarded: not-needed" header.

Digging into upstream sources, I found the PR which dropped that whole code path upstream, which explains why it's "not-needed":
https://github.com/wiredtiger/wiredtiger/pull/6026

review: Approve

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index fa61d29..6376282 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+wiredtiger (3.2.1-1ubuntu3) oracular; urgency=medium
7+
8+ * d/p/fix_buffer_overflow.patch: Fix buffer overflows
9+ in example/c/ex_async.c (LP: #2056102)
10+
11+ -- Pushkar Kulkarni <pushkar.kulkarni@canonical.com> Wed, 26 Jun 2024 15:49:18 +0530
12+
13 wiredtiger (3.2.1-1ubuntu2) noble; urgency=high
14
15 * No change rebuild against frame pointers and time_t.
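Review bot: The changelog bullet gives the path as example/c/ex_async.c, but the patch header and the patched file are examples/c/ex_async.c; correct the path so the entry matches the file actually touched. The entry also says only "Fix buffer overflows"; naming the cause (snprintf bounded by the size of the whole array instead of one element) would help anyone reading the changelog later.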
16diff --git a/debian/patches/fix_buffer_overflow.patch b/debian/patches/fix_buffer_overflow.patch
17new file mode 100644
18index 0000000..f6df7dd
19--- /dev/null
20+++ b/debian/patches/fix_buffer_overflow.patch
21@@ -0,0 +1,33 @@
22+Description: Patch to fix buffer overflow issues in
23+ examples/c/ex_async.c. These fixes are not needed
24+ upstream because the latest versions have removed
25+ the ex_async.c from the examples.
26+Forwarded: not-needed
27+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/wiredtiger/+bug/2056102
28+Author: Pushkar Kulkarni <pushkar.kulkarni@canonical.com>
29+--- a/examples/c/ex_async.c
30++++ b/examples/c/ex_async.c
31+@@ -143,12 +143,12 @@
32+ * Set the operation's string key and value, and then do an asynchronous insert.
33+ */
34+ /*! [async set the operation's string key] */
35+- (void)snprintf(k[i], sizeof(k), "key%d", i);
36++ (void)snprintf(k[i], sizeof(k[i]), "key%d", i);
37+ op->set_key(op, k[i]);
38+ /*! [async set the operation's string key] */
39+
40+ /*! [async set the operation's string value] */
41+- (void)snprintf(v[i], sizeof(v), "value%d", i);
42++ (void)snprintf(v[i], sizeof(v[i]), "value%d", i);
43+ op->set_value(op, v[i]);
44+ /*! [async set the operation's string value] */
45+
46+@@ -188,7 +188,7 @@
47+ /*
48+ * Set the operation's string key and value, and then do an asynchronous search.
49+ */
50+- (void)snprintf(k[i], sizeof(k), "key%d", i);
51++ (void)snprintf(k[i], sizeof(k[i]), "key%d", i);
52+ op->set_key(op, k[i]);
53+ error_check(op->search(op));
54+ /*! [async search] */
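Review bot: In all three snprintf calls the new bound sizeof(k[i]) / sizeof(v[i]) is the size of one row only if k and v are declared as arrays of char arrays, and that declaration is outside the patch context; confirm it in examples/c/ex_async.c, because for an array of pointers sizeof(k[i]) would be the pointer size. The return value is still cast to void, so a truncated key or value would go unnoticed; that is acceptable for example code, but the row size should be checked against the longest "key%d" / "value%d" output for the range of i the loop uses. In the DEP-3 header, the Description justifies "Forwarded: not-needed" in words only; citing the upstream pull request that removed ex_async.c (https://github.com/wiredtiger/wiredtiger/pull/6026, referenced in the review comment) would make that verifiable.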
55diff --git a/debian/patches/series b/debian/patches/series
56index 2593b9f..639671b 100644
57--- a/debian/patches/series
58+++ b/debian/patches/series
59@@ -1,2 +1,3 @@
60 disable_-release_libtool.patch
61 disable_flaky_tests.patch
62+fix_buffer_overflow.patch