pyrox.dev
zip: fix buffer overflow on Unicode path names
When creating ZIP files with non-ASCII names (such as some European
accent chars), something was detecting a buffer overflow and bailing
out. It turns out that this has been already fixed earlier this year in
Fedora, so let's reuse their patch as-is.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2165653
+12
pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch
+12
pkgs/tools/archivers/zip/buffer-overflow-on-utf8-rh-bug-2165653.patch
···
1
+
diff -urp zip30/fileio.c zip30/fileio.c
2
+
--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300
3
+
+++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300
4
+
@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin
5
+
if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) {
6
+
ZIPERR(ZE_MEM, "local_to_wide_string");
7
+
}
8
+
- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1);
9
+
+ wsize = mbstowcs(wc_string, local_string, wsize + 1);
10
+
wc_string[wsize] = (wchar_t) 0;
11
+
12
+
/* in case wchar_t is not zwchar */
+3
pkgs/tools/archivers/zip/default.nix
+3
pkgs/tools/archivers/zip/default.nix
···
33
33
./fix-memset-detection.patch
34
34
# Implicit declaration of `closedir` and `opendir` cause dirent detection to fail with clang 16.
35
35
./fix-implicit-declarations.patch
36
+
# Buffer overflow on Unicode characters in path names
37
+
# https://bugzilla.redhat.com/show_bug.cgi?id=2165653
38
+
./buffer-overflow-on-utf8-rh-bug-2165653.patch
36
39
] ++ lib.optionals (enableNLS && !stdenv.isCygwin) [ ./natspec-gentoo.patch.bz2 ];
37
40
38
41
buildInputs = lib.optional enableNLS libnatspec