Fix buffer overflow, bug 339898

(Portage version: 2.1.9.46/cvs/Linux x86_64)

3 files changed, 52 insertions, 3 deletions

diff --git a/sci-visualization/spyview/ChangeLog b/sci-visualization/spyview/ChangeLog
index db1174dc83c2..152b75412d19 100644
--- a/sci-visualization/spyview/ChangeLog
+++ b/sci-visualization/spyview/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sci-visualization/spyview
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sci-visualization/spyview/ChangeLog,v 1.12 2011/03/29 23:01:55 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/sci-visualization/spyview/ChangeLog,v 1.13 2011/04/24 21:54:17 dilfridge Exp $
+
+*spyview-20110329-r1 (24 Apr 2011)
+
+  24 Apr 2011; Andreas K. Huettel <dilfridge@gentoo.org>
+  -spyview-20110329.ebuild, +spyview-20110329-r1.ebuild,
+  +files/spyview-20110329-xsection_fn.patch:
+  Fix buffer overflow, bug 339898
 
 *spyview-20110329 (29 Mar 2011)
 
diff --git a/sci-visualization/spyview/files/spyview-20110329-xsection_fn.patch b/sci-visualization/spyview/files/spyview-20110329-xsection_fn.patch
new file mode 100644
index 000000000000..47fe50c6ffc9
--- /dev/null
+++ b/sci-visualization/spyview/files/spyview-20110329-xsection_fn.patch
@@ -0,0 +1,38 @@
+diff -ruN spyview-2011-03-29-10_59.orig/spyview/ImageWindow.C spyview-2011-03-29-10_59/spyview/ImageWindow.C
+--- spyview-2011-03-29-10_59.orig/spyview/ImageWindow.C	2010-08-10 22:12:05.000000000 +0200
++++ spyview-2011-03-29-10_59/spyview/ImageWindow.C	2011-04-24 23:43:55.000000000 +0200
+@@ -2034,25 +2034,25 @@
+ void ImageWindow::exportLinecut()
+ {
+   // Ok, this is a real hack, but it's easy...
+-  char tmp[1024];
+-  char label[1024];
+-  char fn[1024];
++  char tmp[256];
++  char label[256];
++  char fn[256];
+ 
+   //sprintf is just so damn more convenient than c++ strings
+   if (line_cut_type == HORZLINE) 
+-    snprintf(label, 1024, "l.%d", line_cut_yp);
++    snprintf(label, 256, "l.%d", line_cut_yp);
+   else if (line_cut_type == VERTLINE) 
+-    snprintf(label, 1024, "c.%d", line_cut_xp);
++    snprintf(label, 256, "c.%d", line_cut_xp);
+   else 
+     sprintf(label, "other");
+-  snprintf(fn, 1024, "%s.%s.linecut.dat", output_basename, label);
++  snprintf(fn, 256, "%s.%s.linecut.dat", output_basename, label);
+ 	
+   info("exporting linecut to file %s\n", fn);
+ 
+-  strncpy(tmp, xsection_fn, 1024);
+-  strncpy(xsection_fn, fn, 1024);
++  strncpy(tmp, xsection_fn, 256);
++  strncpy(xsection_fn, fn, 256);
+   plotLineCut();
+-  strncpy(xsection_fn, tmp, 1024);
++  strncpy(xsection_fn, tmp, 256);
+ }
+ 
+ void ImageWindow::exportGnuplot()
diff --git a/sci-visualization/spyview/spyview-20110329.ebuild b/sci-visualization/spyview/spyview-20110329-r1.ebuild
index 5218cc922995..9701de41942d 100644
--- a/sci-visualization/spyview/spyview-20110329.ebuild
+++ b/sci-visualization/spyview/spyview-20110329-r1.ebuild
@@ -1,8 +1,8 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sci-visualization/spyview/spyview-20110329.ebuild,v 1.1 2011/03/29 23:01:57 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/sci-visualization/spyview/spyview-20110329-r1.ebuild,v 1.1 2011/04/24 21:54:17 dilfridge Exp $
 
-EAPI=3
+EAPI=4
 
 inherit base flag-o-matic eutils multilib
 
@@ -28,6 +28,8 @@ RDEPEND="${COMMON_DEPEND}
 
 S=${WORKDIR}/spyview-2011-03-29-10_59
 
+PATCHES=( "${FILESDIR}/${P}-xsection_fn.patch" )
+
 src_prepare() {
 	append-cflags $(fltk-config --cflags)
 	append-cxxflags $(fltk-config --cxxflags) -I/usr/include/netpbm
@@ -36,6 +38,8 @@ src_prepare() {
 	# this one leads to an insane amount of warnings
 
 	append-ldflags -L$(dirname $(fltk-config --libs))
+
+	base_src_prepare
 }
 
 src_configure() {