| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| strnspn-fix-buffer-overflow.patch | strnspn: fix buffer overflow Fix the strnspn and strncspn functions to use a properly sized buffer. It used to be 1 byte too short. Checking for `0xff` in a string will thus write `0xff` once byte beyond the stack space of the local buffer. . Note that the public API does not allow to pass `0xff` to those functions. Therefore, this is a read-only buffer overrun, possibly causing bogus reports from the parser, but still well-defined. |
David Rheinsberg <david.rheinsberg@gmail.com> | no | debian | backport, https://github.com/c-util/c-shquote/commit/7fd15f8e272136955f7ffc37df29fbca9ddceca1 | |
| util-user-keep-reference-to-user-in-each-usage-table.patch | util/user: keep reference to user in each usage table Keep a reference to an owning user in each usage table. We want to allow callers to hold charges without holding on to any user references. . Also fix the peer-deinitialization to be ordered correctly and free the user references last (in particular, after the charges). This is not strictly necessary, but now follows our coding style and would have avoided possible failures. . This fixes an assertion failure when disconnecting entire groups of peers of the same user, due to the recent fix that actually made peer-accounting do something. |
David Rheinsberg <david.rheinsberg@gmail.com> | no | backport, https://github.com/bus1/dbus-broker/commit/608b259e25ef1348b9e4a8e022c35b5c68d3df98 | ||
| launch-service-fix-release-of-argv-array.patch | launch/service: fix release of argv array While service_free() correctly releases the strv in `argv`, the service_update() path does not. It frees `argv`, but not the individual entries. Fix this and properly release all entries. |
David Rheinsberg <david.rheinsberg@gmail.com> | no | backport, https://github.com/bus1/dbus-broker/commit/6d9b817b7c165be9addbc28b9e84d7ed1697d11a | ||
| c-stdaux-add-c_memset.patch | add c_memset() The memset(3) function causes UB if its area pointer is NULL, even if the area is 0-bytes in length. This is very unfortunate and requires unnecessary guards in most callers. We really want to be able to call memset(3) with NULL pointers on empty areas to avoid needless branching and complexity. . Provide c_memset() which is exactly like memset(3) for non-NULL areas, but a no-op for empty areas. |
David Rheinsberg <david.rheinsberg@gmail.com> | no | backport, https://github.com/c-util/c-stdaux/commit/1257244f886a4799a1ed739aa2c632e9eb033b8d | ||
| c-stdaux-add-c_memcpy.patch | add c_memcpy() Alongside c_memset(), this adds c_memcpy() with the same trick of allowing empty copies. |
David Rheinsberg <david.rheinsberg@gmail.com> | no | backport, https://github.com/c-util/c-stdaux/commit/7a8493bebc595f94ea57fa1cb6a765a66185aa95 | ||
| global-use-c_mem-over-mem.patch | global: use c_mem*() over mem*() Use the new c_mem*() functions rather than mem*() so we protect against NULL pointers in empty areas, which are UB with the classic mem*() functions. |
David Rheinsberg <david.rheinsberg@gmail.com> | no | backport, https://github.com/bus1/dbus-broker/commit/701759a08f5982f515308c269a8e224fc433f4af |