File arj-3.10.22-fixstrcpy.patch of Package arj
Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date: 2020-03-25
reproducible builds showed differences in strings produced from msgbind
depending on CPU-type
valgrind --tool=memcheck
helped to locate two relevant calls to strcpy on overlapping regions
Index: arj-3.10.22/arjdata.c
===================================================================
--- arj-3.10.22.orig/arjdata.c
+++ arj-3.10.22/arjdata.c
@@ -232,7 +232,7 @@ char *expand_tags(char *str, int limit)
{
if(*(p+1)==TAG_CHAR)
{
- strcpy(p, p+1);
+ safe_strcpy(p, p+1);
p++;
}
else if(*(p+1)==TAG_SPECIAL_BEGIN&&(et=strchr(p+3, TAG_SPECIAL_END))!=NULL)
Index: arj-3.10.22/msgbind.c
===================================================================
--- arj-3.10.22.orig/msgbind.c
+++ arj-3.10.22/msgbind.c
@@ -21,6 +21,12 @@
#include <signal.h>
#include <time.h>
+static void safe_strcpy(char *dest, const char *src)
+{
+ memmove(dest, src, strlen(src) + 1);
+}
+
+
#define MSG_SIZE 32752 /* Constant msg buffer size */
#define POOL_SIZE 51200 /* Maximum size of variable-len buf */
#define POOL_R_INC 1024 /* Realloc incrementation */
@@ -586,7 +586,7 @@ int main(int argc, char **argv)
}
strcat(pool[tpool].data, msgname);
strcat(pool[tpool].data, ", ");
- strcpy(msg_buffer, msg_buffer+1);
+ safe_strcpy(msg_buffer, msg_buffer+1);
buf_len=strlen(msg_buffer);
msg_buffer[--buf_len]='\0';
patch_string(msg_buffer);