1*4882a593SmuzhiyunGNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted 2*4882a593Smuzhiyunpattern file, because of a dstring.c ds_fgetstr integer overflow that triggers 3*4882a593Smuzhiyunan out-of-bounds heap write. 4*4882a593Smuzhiyun 5*4882a593SmuzhiyunCVE: CVE-2021-38185 6*4882a593SmuzhiyunUpstream-Status: Backport 7*4882a593SmuzhiyunSigned-off-by: Ross Burton <ross.burton@arm.com> 8*4882a593Smuzhiyun 9*4882a593SmuzhiyunFrom e494c68a3a0951b1eaba77e2db93f71a890e15d8 Mon Sep 17 00:00:00 2001 10*4882a593SmuzhiyunFrom: Sergey Poznyakoff <gray@gnu.org> 11*4882a593SmuzhiyunDate: Sat, 7 Aug 2021 12:52:21 +0300 12*4882a593SmuzhiyunSubject: [PATCH 1/3] Rewrite dynamic string support. 13*4882a593Smuzhiyun 14*4882a593Smuzhiyun* src/dstring.c (ds_init): Take a single argument. 15*4882a593Smuzhiyun(ds_free): New function. 16*4882a593Smuzhiyun(ds_resize): Take a single argument. Use x2nrealloc to expand 17*4882a593Smuzhiyunthe storage. 18*4882a593Smuzhiyun(ds_reset,ds_append,ds_concat,ds_endswith): New function. 19*4882a593Smuzhiyun(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. 20*4882a593Smuzhiyun* src/dstring.h (dynamic_string): Keep both the allocated length 21*4882a593Smuzhiyun(ds_size) and index of the next free byte in the string (ds_idx). 22*4882a593Smuzhiyun(ds_init,ds_resize): Change signature. 23*4882a593Smuzhiyun(ds_len): New macro. 24*4882a593Smuzhiyun(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. 25*4882a593Smuzhiyun* src/copyin.c: Use new ds_ functions. 26*4882a593Smuzhiyun* src/copyout.c: Likewise. 27*4882a593Smuzhiyun* src/copypass.c: Likewise. 28*4882a593Smuzhiyun* src/util.c: Likewise. 29*4882a593Smuzhiyun--- 30*4882a593Smuzhiyun src/copyin.c | 40 +++++++++++------------ 31*4882a593Smuzhiyun src/copyout.c | 16 ++++----- 32*4882a593Smuzhiyun src/copypass.c | 34 +++++++++---------- 33*4882a593Smuzhiyun src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++-------------- 34*4882a593Smuzhiyun src/dstring.h | 31 +++++++++--------- 35*4882a593Smuzhiyun src/util.c | 6 ++-- 36*4882a593Smuzhiyun 6 files changed, 123 insertions(+), 92 deletions(-) 37*4882a593Smuzhiyun 38*4882a593Smuzhiyundiff --git a/src/copyin.c b/src/copyin.c 39*4882a593Smuzhiyunindex b29f348..37e503a 100644 40*4882a593Smuzhiyun--- a/src/copyin.c 41*4882a593Smuzhiyun+++ b/src/copyin.c 42*4882a593Smuzhiyun@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, 43*4882a593Smuzhiyun char *str_res; /* Result for string function. */ 44*4882a593Smuzhiyun static dynamic_string new_name; /* New file name for rename option. */ 45*4882a593Smuzhiyun static int initialized_new_name = false; 46*4882a593Smuzhiyun+ 47*4882a593Smuzhiyun if (!initialized_new_name) 48*4882a593Smuzhiyun- { 49*4882a593Smuzhiyun- ds_init (&new_name, 128); 50*4882a593Smuzhiyun- initialized_new_name = true; 51*4882a593Smuzhiyun- } 52*4882a593Smuzhiyun+ { 53*4882a593Smuzhiyun+ ds_init (&new_name); 54*4882a593Smuzhiyun+ initialized_new_name = true; 55*4882a593Smuzhiyun+ } 56*4882a593Smuzhiyun 57*4882a593Smuzhiyun if (rename_flag) 58*4882a593Smuzhiyun { 59*4882a593Smuzhiyun@@ -779,37 +780,36 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name) 60*4882a593Smuzhiyun already in `save_patterns' (from the command line) are preserved. */ 61*4882a593Smuzhiyun 62*4882a593Smuzhiyun static void 63*4882a593Smuzhiyun-read_pattern_file () 64*4882a593Smuzhiyun+read_pattern_file (void) 65*4882a593Smuzhiyun { 66*4882a593Smuzhiyun- int max_new_patterns; 67*4882a593Smuzhiyun- char **new_save_patterns; 68*4882a593Smuzhiyun- int new_num_patterns; 69*4882a593Smuzhiyun+ char **new_save_patterns = NULL; 70*4882a593Smuzhiyun+ size_t max_new_patterns; 71*4882a593Smuzhiyun+ size_t new_num_patterns; 72*4882a593Smuzhiyun int i; 73*4882a593Smuzhiyun- dynamic_string pattern_name; 74*4882a593Smuzhiyun+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; 75*4882a593Smuzhiyun FILE *pattern_fp; 76*4882a593Smuzhiyun 77*4882a593Smuzhiyun if (num_patterns < 0) 78*4882a593Smuzhiyun num_patterns = 0; 79*4882a593Smuzhiyun- max_new_patterns = 1 + num_patterns; 80*4882a593Smuzhiyun- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); 81*4882a593Smuzhiyun new_num_patterns = num_patterns; 82*4882a593Smuzhiyun- ds_init (&pattern_name, 128); 83*4882a593Smuzhiyun+ max_new_patterns = num_patterns; 84*4882a593Smuzhiyun+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); 85*4882a593Smuzhiyun 86*4882a593Smuzhiyun pattern_fp = fopen (pattern_file_name, "r"); 87*4882a593Smuzhiyun if (pattern_fp == NULL) 88*4882a593Smuzhiyun open_fatal (pattern_file_name); 89*4882a593Smuzhiyun while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) 90*4882a593Smuzhiyun { 91*4882a593Smuzhiyun- if (new_num_patterns >= max_new_patterns) 92*4882a593Smuzhiyun- { 93*4882a593Smuzhiyun- max_new_patterns += 1; 94*4882a593Smuzhiyun- new_save_patterns = (char **) 95*4882a593Smuzhiyun- xrealloc ((char *) new_save_patterns, 96*4882a593Smuzhiyun- max_new_patterns * sizeof (char *)); 97*4882a593Smuzhiyun- } 98*4882a593Smuzhiyun+ if (new_num_patterns == max_new_patterns) 99*4882a593Smuzhiyun+ new_save_patterns = x2nrealloc (new_save_patterns, 100*4882a593Smuzhiyun+ &max_new_patterns, 101*4882a593Smuzhiyun+ sizeof (new_save_patterns[0])); 102*4882a593Smuzhiyun new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); 103*4882a593Smuzhiyun ++new_num_patterns; 104*4882a593Smuzhiyun } 105*4882a593Smuzhiyun+ 106*4882a593Smuzhiyun+ ds_free (&pattern_name); 107*4882a593Smuzhiyun+ 108*4882a593Smuzhiyun if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) 109*4882a593Smuzhiyun close_error (pattern_file_name); 110*4882a593Smuzhiyun 111*4882a593Smuzhiyun@@ -1196,7 +1196,7 @@ swab_array (char *ptr, int count) 112*4882a593Smuzhiyun in the file system. */ 113*4882a593Smuzhiyun 114*4882a593Smuzhiyun void 115*4882a593Smuzhiyun-process_copy_in () 116*4882a593Smuzhiyun+process_copy_in (void) 117*4882a593Smuzhiyun { 118*4882a593Smuzhiyun char done = false; /* True if trailer reached. */ 119*4882a593Smuzhiyun FILE *tty_in = NULL; /* Interactive file for rename option. */ 120*4882a593Smuzhiyundiff --git a/src/copyout.c b/src/copyout.c 121*4882a593Smuzhiyunindex 8b0beb6..26e3dda 100644 122*4882a593Smuzhiyun--- a/src/copyout.c 123*4882a593Smuzhiyun+++ b/src/copyout.c 124*4882a593Smuzhiyun@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) 125*4882a593Smuzhiyun The format of the header depends on the compatibility (-c) flag. */ 126*4882a593Smuzhiyun 127*4882a593Smuzhiyun void 128*4882a593Smuzhiyun-process_copy_out () 129*4882a593Smuzhiyun+process_copy_out (void) 130*4882a593Smuzhiyun { 131*4882a593Smuzhiyun- dynamic_string input_name; /* Name of file read from stdin. */ 132*4882a593Smuzhiyun+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; 133*4882a593Smuzhiyun+ /* Name of file read from stdin. */ 134*4882a593Smuzhiyun struct stat file_stat; /* Stat record for file. */ 135*4882a593Smuzhiyun struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; 136*4882a593Smuzhiyun /* Output header information. */ 137*4882a593Smuzhiyun@@ -605,7 +606,6 @@ process_copy_out () 138*4882a593Smuzhiyun char *orig_file_name = NULL; 139*4882a593Smuzhiyun 140*4882a593Smuzhiyun /* Initialize the copy out. */ 141*4882a593Smuzhiyun- ds_init (&input_name, 128); 142*4882a593Smuzhiyun file_hdr.c_magic = 070707; 143*4882a593Smuzhiyun 144*4882a593Smuzhiyun /* Check whether the output file might be a tape. */ 145*4882a593Smuzhiyun@@ -657,14 +657,9 @@ process_copy_out () 146*4882a593Smuzhiyun { 147*4882a593Smuzhiyun if (file_hdr.c_mode & CP_IFDIR) 148*4882a593Smuzhiyun { 149*4882a593Smuzhiyun- int len = strlen (input_name.ds_string); 150*4882a593Smuzhiyun /* Make sure the name ends with a slash */ 151*4882a593Smuzhiyun- if (input_name.ds_string[len-1] != '/') 152*4882a593Smuzhiyun- { 153*4882a593Smuzhiyun- ds_resize (&input_name, len + 2); 154*4882a593Smuzhiyun- input_name.ds_string[len] = '/'; 155*4882a593Smuzhiyun- input_name.ds_string[len+1] = 0; 156*4882a593Smuzhiyun- } 157*4882a593Smuzhiyun+ if (!ds_endswith (&input_name, '/')) 158*4882a593Smuzhiyun+ ds_append (&input_name, '/'); 159*4882a593Smuzhiyun } 160*4882a593Smuzhiyun } 161*4882a593Smuzhiyun 162*4882a593Smuzhiyun@@ -875,6 +870,7 @@ process_copy_out () 163*4882a593Smuzhiyun (unsigned long) blocks), (unsigned long) blocks); 164*4882a593Smuzhiyun } 165*4882a593Smuzhiyun cpio_file_stat_free (&file_hdr); 166*4882a593Smuzhiyun+ ds_free (&input_name); 167*4882a593Smuzhiyun } 168*4882a593Smuzhiyun 169*4882a593Smuzhiyun 170*4882a593Smuzhiyundiff --git a/src/copypass.c b/src/copypass.c 171*4882a593Smuzhiyunindex dc13b5b..62f31c6 100644 172*4882a593Smuzhiyun--- a/src/copypass.c 173*4882a593Smuzhiyun+++ b/src/copypass.c 174*4882a593Smuzhiyun@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) 175*4882a593Smuzhiyun If `link_flag', link instead of copying. */ 176*4882a593Smuzhiyun 177*4882a593Smuzhiyun void 178*4882a593Smuzhiyun-process_copy_pass () 179*4882a593Smuzhiyun+process_copy_pass (void) 180*4882a593Smuzhiyun { 181*4882a593Smuzhiyun- dynamic_string input_name; /* Name of file from stdin. */ 182*4882a593Smuzhiyun- dynamic_string output_name; /* Name of new file. */ 183*4882a593Smuzhiyun+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; 184*4882a593Smuzhiyun+ /* Name of file from stdin. */ 185*4882a593Smuzhiyun+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; 186*4882a593Smuzhiyun+ /* Name of new file. */ 187*4882a593Smuzhiyun size_t dirname_len; /* Length of `directory_name'. */ 188*4882a593Smuzhiyun int res; /* Result of functions. */ 189*4882a593Smuzhiyun char *slash; /* For moving past slashes in input name. */ 190*4882a593Smuzhiyun@@ -65,25 +67,18 @@ process_copy_pass () 191*4882a593Smuzhiyun created files */ 192*4882a593Smuzhiyun 193*4882a593Smuzhiyun /* Initialize the copy pass. */ 194*4882a593Smuzhiyun- ds_init (&input_name, 128); 195*4882a593Smuzhiyun 196*4882a593Smuzhiyun dirname_len = strlen (directory_name); 197*4882a593Smuzhiyun if (change_directory_option && !ISSLASH (directory_name[0])) 198*4882a593Smuzhiyun { 199*4882a593Smuzhiyun char *pwd = xgetcwd (); 200*4882a593Smuzhiyun- 201*4882a593Smuzhiyun- dirname_len += strlen (pwd) + 1; 202*4882a593Smuzhiyun- ds_init (&output_name, dirname_len + 2); 203*4882a593Smuzhiyun- strcpy (output_name.ds_string, pwd); 204*4882a593Smuzhiyun- strcat (output_name.ds_string, "/"); 205*4882a593Smuzhiyun- strcat (output_name.ds_string, directory_name); 206*4882a593Smuzhiyun+ 207*4882a593Smuzhiyun+ ds_concat (&output_name, pwd); 208*4882a593Smuzhiyun+ ds_append (&output_name, '/'); 209*4882a593Smuzhiyun } 210*4882a593Smuzhiyun- else 211*4882a593Smuzhiyun- { 212*4882a593Smuzhiyun- ds_init (&output_name, dirname_len + 2); 213*4882a593Smuzhiyun- strcpy (output_name.ds_string, directory_name); 214*4882a593Smuzhiyun- } 215*4882a593Smuzhiyun- output_name.ds_string[dirname_len] = '/'; 216*4882a593Smuzhiyun+ ds_concat (&output_name, directory_name); 217*4882a593Smuzhiyun+ ds_append (&output_name, '/'); 218*4882a593Smuzhiyun+ dirname_len = ds_len (&output_name); 219*4882a593Smuzhiyun output_is_seekable = true; 220*4882a593Smuzhiyun 221*4882a593Smuzhiyun change_dir (); 222*4882a593Smuzhiyun@@ -116,8 +111,8 @@ process_copy_pass () 223*4882a593Smuzhiyun /* Make the name of the new file. */ 224*4882a593Smuzhiyun for (slash = input_name.ds_string; *slash == '/'; ++slash) 225*4882a593Smuzhiyun ; 226*4882a593Smuzhiyun- ds_resize (&output_name, dirname_len + strlen (slash) + 2); 227*4882a593Smuzhiyun- strcpy (output_name.ds_string + dirname_len + 1, slash); 228*4882a593Smuzhiyun+ ds_reset (&output_name, dirname_len); 229*4882a593Smuzhiyun+ ds_concat (&output_name, slash); 230*4882a593Smuzhiyun 231*4882a593Smuzhiyun existing_dir = false; 232*4882a593Smuzhiyun if (lstat (output_name.ds_string, &out_file_stat) == 0) 233*4882a593Smuzhiyun@@ -333,6 +328,9 @@ process_copy_pass () 234*4882a593Smuzhiyun (unsigned long) blocks), 235*4882a593Smuzhiyun (unsigned long) blocks); 236*4882a593Smuzhiyun } 237*4882a593Smuzhiyun+ 238*4882a593Smuzhiyun+ ds_free (&input_name); 239*4882a593Smuzhiyun+ ds_free (&output_name); 240*4882a593Smuzhiyun } 241*4882a593Smuzhiyun 242*4882a593Smuzhiyun /* Try and create a hard link from FILE_NAME to another file 243*4882a593Smuzhiyundiff --git a/src/dstring.c b/src/dstring.c 244*4882a593Smuzhiyunindex e9c063f..358f356 100644 245*4882a593Smuzhiyun--- a/src/dstring.c 246*4882a593Smuzhiyun+++ b/src/dstring.c 247*4882a593Smuzhiyun@@ -20,8 +20,8 @@ 248*4882a593Smuzhiyun #if defined(HAVE_CONFIG_H) 249*4882a593Smuzhiyun # include <config.h> 250*4882a593Smuzhiyun #endif 251*4882a593Smuzhiyun- 252*4882a593Smuzhiyun #include <stdio.h> 253*4882a593Smuzhiyun+#include <stdlib.h> 254*4882a593Smuzhiyun #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) 255*4882a593Smuzhiyun #include <string.h> 256*4882a593Smuzhiyun #else 257*4882a593Smuzhiyun@@ -33,24 +33,41 @@ 258*4882a593Smuzhiyun /* Initialiaze dynamic string STRING with space for SIZE characters. */ 259*4882a593Smuzhiyun 260*4882a593Smuzhiyun void 261*4882a593Smuzhiyun-ds_init (dynamic_string *string, int size) 262*4882a593Smuzhiyun+ds_init (dynamic_string *string) 263*4882a593Smuzhiyun+{ 264*4882a593Smuzhiyun+ memset (string, 0, sizeof *string); 265*4882a593Smuzhiyun+} 266*4882a593Smuzhiyun+ 267*4882a593Smuzhiyun+/* Free the dynamic string storage. */ 268*4882a593Smuzhiyun+ 269*4882a593Smuzhiyun+void 270*4882a593Smuzhiyun+ds_free (dynamic_string *string) 271*4882a593Smuzhiyun { 272*4882a593Smuzhiyun- string->ds_length = size; 273*4882a593Smuzhiyun- string->ds_string = (char *) xmalloc (size); 274*4882a593Smuzhiyun+ free (string->ds_string); 275*4882a593Smuzhiyun } 276*4882a593Smuzhiyun 277*4882a593Smuzhiyun-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ 278*4882a593Smuzhiyun+/* Expand dynamic string STRING, if necessary. */ 279*4882a593Smuzhiyun 280*4882a593Smuzhiyun void 281*4882a593Smuzhiyun-ds_resize (dynamic_string *string, int size) 282*4882a593Smuzhiyun+ds_resize (dynamic_string *string) 283*4882a593Smuzhiyun { 284*4882a593Smuzhiyun- if (size > string->ds_length) 285*4882a593Smuzhiyun+ if (string->ds_idx == string->ds_size) 286*4882a593Smuzhiyun { 287*4882a593Smuzhiyun- string->ds_length = size; 288*4882a593Smuzhiyun- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); 289*4882a593Smuzhiyun+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, 290*4882a593Smuzhiyun+ 1); 291*4882a593Smuzhiyun } 292*4882a593Smuzhiyun } 293*4882a593Smuzhiyun 294*4882a593Smuzhiyun+/* Reset the index of the dynamic string S to LEN. */ 295*4882a593Smuzhiyun+ 296*4882a593Smuzhiyun+void 297*4882a593Smuzhiyun+ds_reset (dynamic_string *s, size_t len) 298*4882a593Smuzhiyun+{ 299*4882a593Smuzhiyun+ while (len > s->ds_size) 300*4882a593Smuzhiyun+ ds_resize (s); 301*4882a593Smuzhiyun+ s->ds_idx = len; 302*4882a593Smuzhiyun+} 303*4882a593Smuzhiyun+ 304*4882a593Smuzhiyun /* Dynamic string S gets a string terminated by the EOS character 305*4882a593Smuzhiyun (which is removed) from file F. S will increase 306*4882a593Smuzhiyun in size during the function if the string from F is longer than 307*4882a593Smuzhiyun@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int size) 308*4882a593Smuzhiyun char * 309*4882a593Smuzhiyun ds_fgetstr (FILE *f, dynamic_string *s, char eos) 310*4882a593Smuzhiyun { 311*4882a593Smuzhiyun- int insize; /* Amount needed for line. */ 312*4882a593Smuzhiyun- int strsize; /* Amount allocated for S. */ 313*4882a593Smuzhiyun int next_ch; 314*4882a593Smuzhiyun 315*4882a593Smuzhiyun /* Initialize. */ 316*4882a593Smuzhiyun- insize = 0; 317*4882a593Smuzhiyun- strsize = s->ds_length; 318*4882a593Smuzhiyun+ s->ds_idx = 0; 319*4882a593Smuzhiyun 320*4882a593Smuzhiyun /* Read the input string. */ 321*4882a593Smuzhiyun- next_ch = getc (f); 322*4882a593Smuzhiyun- while (next_ch != eos && next_ch != EOF) 323*4882a593Smuzhiyun+ while ((next_ch = getc (f)) != eos && next_ch != EOF) 324*4882a593Smuzhiyun { 325*4882a593Smuzhiyun- if (insize >= strsize - 1) 326*4882a593Smuzhiyun- { 327*4882a593Smuzhiyun- ds_resize (s, strsize * 2 + 2); 328*4882a593Smuzhiyun- strsize = s->ds_length; 329*4882a593Smuzhiyun- } 330*4882a593Smuzhiyun- s->ds_string[insize++] = next_ch; 331*4882a593Smuzhiyun- next_ch = getc (f); 332*4882a593Smuzhiyun+ ds_resize (s); 333*4882a593Smuzhiyun+ s->ds_string[s->ds_idx++] = next_ch; 334*4882a593Smuzhiyun } 335*4882a593Smuzhiyun- s->ds_string[insize++] = '\0'; 336*4882a593Smuzhiyun+ ds_resize (s); 337*4882a593Smuzhiyun+ s->ds_string[s->ds_idx] = '\0'; 338*4882a593Smuzhiyun 339*4882a593Smuzhiyun- if (insize == 1 && next_ch == EOF) 340*4882a593Smuzhiyun+ if (s->ds_idx == 0 && next_ch == EOF) 341*4882a593Smuzhiyun return NULL; 342*4882a593Smuzhiyun else 343*4882a593Smuzhiyun return s->ds_string; 344*4882a593Smuzhiyun } 345*4882a593Smuzhiyun 346*4882a593Smuzhiyun+void 347*4882a593Smuzhiyun+ds_append (dynamic_string *s, int c) 348*4882a593Smuzhiyun+{ 349*4882a593Smuzhiyun+ ds_resize (s); 350*4882a593Smuzhiyun+ s->ds_string[s->ds_idx] = c; 351*4882a593Smuzhiyun+ if (c) 352*4882a593Smuzhiyun+ { 353*4882a593Smuzhiyun+ s->ds_idx++; 354*4882a593Smuzhiyun+ ds_resize (s); 355*4882a593Smuzhiyun+ s->ds_string[s->ds_idx] = 0; 356*4882a593Smuzhiyun+ } 357*4882a593Smuzhiyun+} 358*4882a593Smuzhiyun+ 359*4882a593Smuzhiyun+void 360*4882a593Smuzhiyun+ds_concat (dynamic_string *s, char const *str) 361*4882a593Smuzhiyun+{ 362*4882a593Smuzhiyun+ size_t len = strlen (str); 363*4882a593Smuzhiyun+ while (len + 1 > s->ds_size) 364*4882a593Smuzhiyun+ ds_resize (s); 365*4882a593Smuzhiyun+ memcpy (s->ds_string + s->ds_idx, str, len); 366*4882a593Smuzhiyun+ s->ds_idx += len; 367*4882a593Smuzhiyun+ s->ds_string[s->ds_idx] = 0; 368*4882a593Smuzhiyun+} 369*4882a593Smuzhiyun+ 370*4882a593Smuzhiyun char * 371*4882a593Smuzhiyun ds_fgets (FILE *f, dynamic_string *s) 372*4882a593Smuzhiyun { 373*4882a593Smuzhiyun@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) 374*4882a593Smuzhiyun { 375*4882a593Smuzhiyun return ds_fgetstr (f, s, '\0'); 376*4882a593Smuzhiyun } 377*4882a593Smuzhiyun+ 378*4882a593Smuzhiyun+/* Return true if the dynamic string S ends with character C. */ 379*4882a593Smuzhiyun+int 380*4882a593Smuzhiyun+ds_endswith (dynamic_string *s, int c) 381*4882a593Smuzhiyun+{ 382*4882a593Smuzhiyun+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); 383*4882a593Smuzhiyun+} 384*4882a593Smuzhiyundiff --git a/src/dstring.h b/src/dstring.h 385*4882a593Smuzhiyunindex b5135fe..f5b04ef 100644 386*4882a593Smuzhiyun--- a/src/dstring.h 387*4882a593Smuzhiyun+++ b/src/dstring.h 388*4882a593Smuzhiyun@@ -17,10 +17,6 @@ 389*4882a593Smuzhiyun Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 390*4882a593Smuzhiyun Boston, MA 02110-1301 USA. */ 391*4882a593Smuzhiyun 392*4882a593Smuzhiyun-#ifndef NULL 393*4882a593Smuzhiyun-#define NULL 0 394*4882a593Smuzhiyun-#endif 395*4882a593Smuzhiyun- 396*4882a593Smuzhiyun /* A dynamic string consists of record that records the size of an 397*4882a593Smuzhiyun allocated string and the pointer to that string. The actual string 398*4882a593Smuzhiyun is a normal zero byte terminated string that can be used with the 399*4882a593Smuzhiyun@@ -30,22 +26,25 @@ 400*4882a593Smuzhiyun 401*4882a593Smuzhiyun typedef struct 402*4882a593Smuzhiyun { 403*4882a593Smuzhiyun- int ds_length; /* Actual amount of storage allocated. */ 404*4882a593Smuzhiyun- char *ds_string; /* String. */ 405*4882a593Smuzhiyun+ size_t ds_size; /* Actual amount of storage allocated. */ 406*4882a593Smuzhiyun+ size_t ds_idx; /* Index of the next free byte in the string. */ 407*4882a593Smuzhiyun+ char *ds_string; /* String storage. */ 408*4882a593Smuzhiyun } dynamic_string; 409*4882a593Smuzhiyun 410*4882a593Smuzhiyun+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } 411*4882a593Smuzhiyun 412*4882a593Smuzhiyun-/* Macros that look similar to the original string functions. 413*4882a593Smuzhiyun- WARNING: These macros work only on pointers to dynamic string records. 414*4882a593Smuzhiyun- If used with a real record, an "&" must be used to get the pointer. */ 415*4882a593Smuzhiyun-#define ds_strlen(s) strlen ((s)->ds_string) 416*4882a593Smuzhiyun-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) 417*4882a593Smuzhiyun-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) 418*4882a593Smuzhiyun-#define ds_index(s, c) index ((s)->ds_string, c) 419*4882a593Smuzhiyun-#define ds_rindex(s, c) rindex ((s)->ds_string, c) 420*4882a593Smuzhiyun+void ds_init (dynamic_string *string); 421*4882a593Smuzhiyun+void ds_free (dynamic_string *string); 422*4882a593Smuzhiyun+void ds_reset (dynamic_string *s, size_t len); 423*4882a593Smuzhiyun 424*4882a593Smuzhiyun-void ds_init (dynamic_string *string, int size); 425*4882a593Smuzhiyun-void ds_resize (dynamic_string *string, int size); 426*4882a593Smuzhiyun+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ 427*4882a593Smuzhiyun char *ds_fgetname (FILE *f, dynamic_string *s); 428*4882a593Smuzhiyun char *ds_fgets (FILE *f, dynamic_string *s); 429*4882a593Smuzhiyun char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); 430*4882a593Smuzhiyun+void ds_append (dynamic_string *s, int c); 431*4882a593Smuzhiyun+void ds_concat (dynamic_string *s, char const *str); 432*4882a593Smuzhiyun+ 433*4882a593Smuzhiyun+#define ds_len(s) ((s)->ds_idx) 434*4882a593Smuzhiyun+ 435*4882a593Smuzhiyun+int ds_endswith (dynamic_string *s, int c); 436*4882a593Smuzhiyun+ 437*4882a593Smuzhiyundiff --git a/src/util.c b/src/util.c 438*4882a593Smuzhiyunindex 4421b20..6d6bbaa 100644 439*4882a593Smuzhiyun--- a/src/util.c 440*4882a593Smuzhiyun+++ b/src/util.c 441*4882a593Smuzhiyun@@ -846,11 +846,9 @@ get_next_reel (int tape_des) 442*4882a593Smuzhiyun FILE *tty_out; /* File for interacting with user. */ 443*4882a593Smuzhiyun int old_tape_des; 444*4882a593Smuzhiyun char *next_archive_name; 445*4882a593Smuzhiyun- dynamic_string new_name; 446*4882a593Smuzhiyun+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; 447*4882a593Smuzhiyun char *str_res; 448*4882a593Smuzhiyun 449*4882a593Smuzhiyun- ds_init (&new_name, 128); 450*4882a593Smuzhiyun- 451*4882a593Smuzhiyun /* Open files for interactive communication. */ 452*4882a593Smuzhiyun tty_in = fopen (TTY_NAME, "r"); 453*4882a593Smuzhiyun if (tty_in == NULL) 454*4882a593Smuzhiyun@@ -925,7 +923,7 @@ get_next_reel (int tape_des) 455*4882a593Smuzhiyun error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), 456*4882a593Smuzhiyun old_tape_des, tape_des); 457*4882a593Smuzhiyun 458*4882a593Smuzhiyun- free (new_name.ds_string); 459*4882a593Smuzhiyun+ ds_free (&new_name); 460*4882a593Smuzhiyun fclose (tty_in); 461*4882a593Smuzhiyun fclose (tty_out); 462*4882a593Smuzhiyun } 463*4882a593Smuzhiyun-- 464*4882a593Smuzhiyun2.25.1 465*4882a593Smuzhiyun 466*4882a593Smuzhiyun 467*4882a593SmuzhiyunFrom fb7a51bf85b8e6f045cacb4fb783db4a414741bf Mon Sep 17 00:00:00 2001 468*4882a593SmuzhiyunFrom: Sergey Poznyakoff <gray@gnu.org> 469*4882a593SmuzhiyunDate: Wed, 11 Aug 2021 18:10:38 +0300 470*4882a593SmuzhiyunSubject: [PATCH 2/3] Fix previous commit 471*4882a593Smuzhiyun 472*4882a593Smuzhiyun* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a 473*4882a593Smuzhiyunloop. 474*4882a593Smuzhiyun--- 475*4882a593Smuzhiyun src/dstring.c | 4 ++-- 476*4882a593Smuzhiyun 1 file changed, 2 insertions(+), 2 deletions(-) 477*4882a593Smuzhiyun 478*4882a593Smuzhiyundiff --git a/src/dstring.c b/src/dstring.c 479*4882a593Smuzhiyunindex 358f356..90c691c 100644 480*4882a593Smuzhiyun--- a/src/dstring.c 481*4882a593Smuzhiyun+++ b/src/dstring.c 482*4882a593Smuzhiyun@@ -64,7 +64,7 @@ void 483*4882a593Smuzhiyun ds_reset (dynamic_string *s, size_t len) 484*4882a593Smuzhiyun { 485*4882a593Smuzhiyun while (len > s->ds_size) 486*4882a593Smuzhiyun- ds_resize (s); 487*4882a593Smuzhiyun+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); 488*4882a593Smuzhiyun s->ds_idx = len; 489*4882a593Smuzhiyun } 490*4882a593Smuzhiyun 491*4882a593Smuzhiyun@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) 492*4882a593Smuzhiyun { 493*4882a593Smuzhiyun size_t len = strlen (str); 494*4882a593Smuzhiyun while (len + 1 > s->ds_size) 495*4882a593Smuzhiyun- ds_resize (s); 496*4882a593Smuzhiyun+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); 497*4882a593Smuzhiyun memcpy (s->ds_string + s->ds_idx, str, len); 498*4882a593Smuzhiyun s->ds_idx += len; 499*4882a593Smuzhiyun s->ds_string[s->ds_idx] = 0; 500*4882a593Smuzhiyun-- 501*4882a593Smuzhiyun2.25.1 502*4882a593Smuzhiyun 503*4882a593Smuzhiyun 504*4882a593SmuzhiyunFrom 86b37d74b15f9bb5fe62fd1642cc126d3ace0189 Mon Sep 17 00:00:00 2001 505*4882a593SmuzhiyunFrom: Sergey Poznyakoff <gray@gnu.org> 506*4882a593SmuzhiyunDate: Wed, 18 Aug 2021 09:41:39 +0300 507*4882a593SmuzhiyunSubject: [PATCH 3/3] Fix dynamic string reallocations 508*4882a593Smuzhiyun 509*4882a593Smuzhiyun* src/dstring.c (ds_resize): Take additional argument: number of 510*4882a593Smuzhiyunbytes to leave available after ds_idx. All uses changed. 511*4882a593Smuzhiyun--- 512*4882a593Smuzhiyun src/dstring.c | 18 ++++++++---------- 513*4882a593Smuzhiyun 1 file changed, 8 insertions(+), 10 deletions(-) 514*4882a593Smuzhiyun 515*4882a593Smuzhiyundiff --git a/src/dstring.c b/src/dstring.c 516*4882a593Smuzhiyunindex 90c691c..0f597cc 100644 517*4882a593Smuzhiyun--- a/src/dstring.c 518*4882a593Smuzhiyun+++ b/src/dstring.c 519*4882a593Smuzhiyun@@ -49,9 +49,9 @@ ds_free (dynamic_string *string) 520*4882a593Smuzhiyun /* Expand dynamic string STRING, if necessary. */ 521*4882a593Smuzhiyun 522*4882a593Smuzhiyun void 523*4882a593Smuzhiyun-ds_resize (dynamic_string *string) 524*4882a593Smuzhiyun+ds_resize (dynamic_string *string, size_t len) 525*4882a593Smuzhiyun { 526*4882a593Smuzhiyun- if (string->ds_idx == string->ds_size) 527*4882a593Smuzhiyun+ while (len + string->ds_idx >= string->ds_size) 528*4882a593Smuzhiyun { 529*4882a593Smuzhiyun string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, 530*4882a593Smuzhiyun 1); 531*4882a593Smuzhiyun@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string) 532*4882a593Smuzhiyun void 533*4882a593Smuzhiyun ds_reset (dynamic_string *s, size_t len) 534*4882a593Smuzhiyun { 535*4882a593Smuzhiyun- while (len > s->ds_size) 536*4882a593Smuzhiyun- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); 537*4882a593Smuzhiyun+ ds_resize (s, len); 538*4882a593Smuzhiyun s->ds_idx = len; 539*4882a593Smuzhiyun } 540*4882a593Smuzhiyun 541*4882a593Smuzhiyun@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) 542*4882a593Smuzhiyun /* Read the input string. */ 543*4882a593Smuzhiyun while ((next_ch = getc (f)) != eos && next_ch != EOF) 544*4882a593Smuzhiyun { 545*4882a593Smuzhiyun- ds_resize (s); 546*4882a593Smuzhiyun+ ds_resize (s, 0); 547*4882a593Smuzhiyun s->ds_string[s->ds_idx++] = next_ch; 548*4882a593Smuzhiyun } 549*4882a593Smuzhiyun- ds_resize (s); 550*4882a593Smuzhiyun+ ds_resize (s, 0); 551*4882a593Smuzhiyun s->ds_string[s->ds_idx] = '\0'; 552*4882a593Smuzhiyun 553*4882a593Smuzhiyun if (s->ds_idx == 0 && next_ch == EOF) 554*4882a593Smuzhiyun@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) 555*4882a593Smuzhiyun void 556*4882a593Smuzhiyun ds_append (dynamic_string *s, int c) 557*4882a593Smuzhiyun { 558*4882a593Smuzhiyun- ds_resize (s); 559*4882a593Smuzhiyun+ ds_resize (s, 0); 560*4882a593Smuzhiyun s->ds_string[s->ds_idx] = c; 561*4882a593Smuzhiyun if (c) 562*4882a593Smuzhiyun { 563*4882a593Smuzhiyun s->ds_idx++; 564*4882a593Smuzhiyun- ds_resize (s); 565*4882a593Smuzhiyun+ ds_resize (s, 0); 566*4882a593Smuzhiyun s->ds_string[s->ds_idx] = 0; 567*4882a593Smuzhiyun } 568*4882a593Smuzhiyun } 569*4882a593Smuzhiyun@@ -115,8 +114,7 @@ void 570*4882a593Smuzhiyun ds_concat (dynamic_string *s, char const *str) 571*4882a593Smuzhiyun { 572*4882a593Smuzhiyun size_t len = strlen (str); 573*4882a593Smuzhiyun- while (len + 1 > s->ds_size) 574*4882a593Smuzhiyun- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); 575*4882a593Smuzhiyun+ ds_resize (s, len); 576*4882a593Smuzhiyun memcpy (s->ds_string + s->ds_idx, str, len); 577*4882a593Smuzhiyun s->ds_idx += len; 578*4882a593Smuzhiyun s->ds_string[s->ds_idx] = 0; 579*4882a593Smuzhiyun-- 580*4882a593Smuzhiyun2.25.1 581*4882a593Smuzhiyun 582