diff options
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/pch.c | 4 | ||||
-rw-r--r-- | tests/Makefile.am | 1 | ||||
-rw-r--r-- | tests/mangled-numbers-abort | 42 |
4 files changed, 47 insertions, 1 deletions
@@ -1,3 +1,4 @@ +* Patch no longer gets a failed assertion for certain mangled patches. * Patch now ignores destination file names that are absolute or that contain a component of "..". This addresses CVE-2010-4651, * Support for most features of the "diff --git" format: renames and copies, @@ -1513,7 +1513,9 @@ another_hunk (enum diff difftype, bool rev) p_suffix_context = ((ptrn_suffix_context != -1 && ptrn_suffix_context < context) ? ptrn_suffix_context : context); - assert (p_prefix_context != -1 && p_suffix_context != -1); + if (p_prefix_context == -1 || p_suffix_context == -1) + fatal ("replacement text or line numbers mangled in hunk at line %s", + format_linenum (numbuf0, p_hunk_beg)); if (difftype == CONTEXT_DIFF && (fillcnt diff --git a/tests/Makefile.am b/tests/Makefile.am index de8862c..f29d68e 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -36,6 +36,7 @@ TESTS = \ inname \ line-numbers \ merge \ + mangled-numbers-abort \ munged-context-format \ need-filename \ no-newline-triggers-assert \ diff --git a/tests/mangled-numbers-abort b/tests/mangled-numbers-abort new file mode 100644 index 0000000..1e1cde9 --- /dev/null +++ b/tests/mangled-numbers-abort @@ -0,0 +1,42 @@ +# Copyright (C) 2011 Free Software Foundation, Inc. +# +# Copying and distribution of this file, with or without modification, +# in any medium, are permitted without royalty provided the copyright +# notice and this notice are preserved. + +. $srcdir/test-lib.sh + +require_cat +use_local_patch +use_tmpdir + +# ============================================================== +# Regression test for a failed assertion. +# Based on a report from Gabriel Vlasiu via Tim Waugh +# in http://bugzilla.redhat.com/738959 + +seq 1 7 > a + +cat > bogus.diff <<EOF +*** p +--- p +*************** +*** 405,409 **** +--- 405,407 ---- + a + b + c ++ d + x + y + z +EOF + +# Before v2.6.1-148, this would trigger the failed assertion: +# pch.c:1516: another_hunk: Assertion `p_prefix_context != -1 \ +# && p_suffix_context != -1' failed. + +check 'patch a < bogus.diff; echo "Status: $?"' <<EOF +$PATCH: **** replacement text or line numbers mangled in hunk at line 4 +Status: 2 +EOF |