main/musl: fix single-byte overflow of malloc'd buffer in getdelim

from upstream:
http://git.musl-libc.org/cgit/musl/commit/?id=b114190b29417fff6f701eea3a3b3b6030338280

2 files changed, 37 insertions, 1 deletions

diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index a6075980df6..f0691874aa3 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Timo Teräs <timo.teras@iki.fi>
 pkgname=musl
 pkgver=1.1.12
-pkgrel=0
+pkgrel=1
 pkgdesc="the musl c library (libc) implementation"
 url="http://www.musl-libc.org/"
 arch="all"
@@ -12,6 +12,7 @@ depends_dev="!uclibc-dev"
 makedepends="$depends_dev"
 subpackages="$pkgname-dev $pkgname-utils $pkgname-dbg libc6-compat:compat"
 source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
+	fix-single-byte-overflow.patch
 
 	ldconfig
 	__stack_chk_fail_local.c
@@ -128,18 +129,21 @@ compat() {
 }
 
 md5sums="42875e0c111aa1cb9d08663f8d42c799  musl-1.1.12.tar.gz
+9aeeaaa70c75608e0b3ed6b6de5b3a37  fix-single-byte-overflow.patch
 830d01f7821b978df770b06db3790921  ldconfig
 0df687757221bbb0fc1aa67f1bd646f9  __stack_chk_fail_local.c
 57ef2c63b9ec6a2041694ace97d4ffa2  getconf.c
 2b941c4251cac44988a4abfc50e21267  getent.c
 45f92f8d59cf84d765de698a9578dbf4  iconv.c"
 sha256sums="720b83c7e276b4b679c0bffe9509340d5f81fd601508e607e708177df0d31c0e  musl-1.1.12.tar.gz
+370daa951d0547dc77d699945e5f49eb941516ead5aee51c5e9ca30061c7c5f8  fix-single-byte-overflow.patch
 b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7  ldconfig
 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da  __stack_chk_fail_local.c
 d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c  getconf.c
 68373a55e89ce85c562d941ccf588337d6cc6c9c17689d695f65cd7607134bbe  getent.c
 f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7  iconv.c"
 sha512sums="7cabbe2665e32bd3408c8865f89f474106e982b4e5de81d0cdeea19e19e20b4d2496faf1adc6b2811d996f30f39258184ba347e8eb5f3811eab89179e8f52d70  musl-1.1.12.tar.gz
+75e5c98a27924ed6a2ce5113f56ecff2774506a82c2ad65c815998083ef812d9a36e61e270a40b29b436ca91cf28563a7138f6eb5f206bbd1422eeae0346012c  fix-single-byte-overflow.patch
 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f  ldconfig
 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b  __stack_chk_fail_local.c
 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d  getconf.c
diff --git a/main/musl/fix-single-byte-overflow.patch b/main/musl/fix-single-byte-overflow.patch
new file mode 100644
index 00000000000..ffc5b3551c4
--- /dev/null
+++ b/main/musl/fix-single-byte-overflow.patch
@@ -0,0 +1,32 @@
+From b114190b29417fff6f701eea3a3b3b6030338280 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Sat, 24 Oct 2015 22:42:10 -0400
+Subject: fix single-byte overflow of malloc'd buffer in getdelim
+
+the buffer enlargement logic here accounted for the terminating null
+byte, but not for the possibility of hitting the delimiter in the
+buffer-refill code path that uses getc_unlocked, in which case two
+additional bytes (the delimiter and the null termination) are written
+without another chance to enlarge the buffer.
+
+this patch and the corresponding bug report are by Felix Janda.
+---
+ src/stdio/getdelim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/stdio/getdelim.c b/src/stdio/getdelim.c
+index a88c393..3077490 100644
+--- a/src/stdio/getdelim.c
++++ b/src/stdio/getdelim.c
+@@ -27,7 +27,7 @@ ssize_t getdelim(char **restrict s, size_t *restrict n, int delim, FILE *restric
+ 	for (;;) {
+ 		z = memchr(f->rpos, delim, f->rend - f->rpos);
+ 		k = z ? z - f->rpos + 1 : f->rend - f->rpos;
+-		if (i+k >= *n) {
++		if (i+k+1 >= *n) {
+ 			if (k >= SIZE_MAX/2-i) goto oom;
+ 			*n = i+k+2;
+ 			if (*n < SIZE_MAX/4) *n *= 2;
+-- 
+cgit v0.11.2
+