回合上游社区补丁,补丁数量：8

<h3>优先级:</h3>次要<h3>原因分析:</h3>【是否新引入rpm包，是否进行了安全编译选项扫描】否【定位分析】有效问题：例行补丁回合。<table ><tr><td colSpan="1" rowSpan="1"></td><td colSpan="1" rowSpan="1">CommitId</td><td colSpan="1" rowSpan="1">描述</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:coreutils</td><td colSpan="1" rowSpan="1">0d1c25d1cb6d0ce119775368a0fabc7644393f6e</td><td colSpan="1" rowSpan="1">od: fix theoretical size_t malloc overflow * src/od.c (dump, dump_strings): Use idx_t allocators rather than size_t allocators, to avoid unchecked integer overflow on theoretical platforms where SIZE_MAX &lt; IDX_MAX.</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:coreutils</td><td colSpan="1" rowSpan="1">69b07cc58de0a86f7b06d6709049077c6bd486ea</td><td colSpan="1" rowSpan="1">od: fix another off-by-one issue with --strings * src/od.c (main): Fix off-by-one error in string_min limit.</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:coreutils</td><td colSpan="1" rowSpan="1">35d9bf6915bff5d88dd2246ae5a157db838c64f1</td><td colSpan="1" rowSpan="1">od: prefer idx_t to size_t This helps find overflow bugs when compiling with -fsanitize=undefined. * src/od.c (struct tspec, bytes_per_block, PRINT_FIELDS) (PRINT_TYPE, print_named_ascii, print_ascii, decode_one_format) (skip, write_block, read_block, dump, main): Use idx_t, not size_t.</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:coreutils</td><td colSpan="1" rowSpan="1">2b7f3621f8b994db9436318fbe818a34ee87859a</td><td colSpan="1" rowSpan="1">od: output standard diagnostics for invalid -w arguments * src/od.c (main): Don&#x27;t pass LONGINT_OK to xstrtol_fatal(), as otherwise it will abort(). * tests/od/od.pl: Add test cases. * NEWS: Mention the bug fix. Addresses https://bugs.gnu.org/78879</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:coreutils</td><td colSpan="1" rowSpan="1">44809c3379d64b9e580042124ccea6665d746d9a</td><td colSpan="1" rowSpan="1">od: fix various off-by-one issues with --strings with -N * src/od.c (dump_strings): There are three related issues here due to not accounting for the terminating NUL char appropriately. 1. Ensure BUF always has enough space for the terminating NUL. This avoids CWE-122: Heap-based Buffer Overflow, where we wrote a single NUL byte directly after the allocated buffer. I.e., there should be no buffer overflow with: printf &#x27;%100s&#x27; | od -N100 -S1 2. Ensure we support -S == -N (END_OFFSET - STRING_MIN == ADDRESS): I.e., there should be output with: printf &#x27;%100s&#x27; | od -N10 -S10 3. Ensure we always output a valid address by ensuring the ADDRESS and I variables are kept in sync. I.e., this should output address 0000000 not 1777777777777777777777: printf &#x27;%100s&#x27; | od -N10 -S1 As well as fixing these we simplify by using a single loop to read the data, rather than two. * doc/coreutils.texi (od invocation): Clarify that -N implicitly NUL terminates strings. * tests/od/od-N.sh: Add test cases. * NEWS: Mention the bug fixes. Fixes https://bugs.gnu.org/78880</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:coreutils</td><td colSpan="1" rowSpan="1">88f30ee0a5c355701914d4446dc7ec729a344fa2</td><td colSpan="1" rowSpan="1">od: fix some unlikely integer overflows * src/od.c (print_n_spaces, pad_at, pad_at_overflow): New static functions. (struct tspec, PRINT_FIELDS, print_named_ascii, print_ascii) (decode_one_format, write_block, main): Use idx_t, not int, for counts that depend on the number of bytes in an object. (decode_one_format): Use print_n_spaces to output spaces. (PRINT_FIELDS, print_named_ascii, print_ascii): Use pad_at to avoid integer overflow. (write_block): Do not use %*s to pad, as the total pad might exceed INT_MAX. Instead, pad by hand with putchar (&#x27; &#x27;). (main): Use pad_at_overflow to report integer overflow due to oversize -w. Use better way to tell whether -w is used, without needing IF_LINT. * tests/od/big-w.sh: New test. * tests/local.mk (all_tests): Add it.</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:coreutils</td><td colSpan="1" rowSpan="1">66464e61f549e9f2fd35f82567345721798288f9</td><td colSpan="1" rowSpan="1">od: fix &#x27;+N.&#x27; bug * src/od.c (parse_old_offset): First arg is now char *, not char const *. If a decimal number, temporarily modify the string so that xstrtoumax does not complain about the &#x27;.&#x27;. * tests/od/od.pl: Test for the bug.</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:coreutils</td><td colSpan="1" rowSpan="1">d5ea5e8aed304337489a4dbbaf0f00d40bd92fc6</td><td colSpan="1" rowSpan="1">od: fix integer overflow with large pseudos * src/od.c (format_address_label): Diagnose overflow.</td></tr></table>
**二、缺陷分析结构反馈**
影响性分析说明：

缺陷严重等级:(Critical/High/Moderate/Low)

缺陷根因说明:

受影响版本排查(受影响/不受影响):
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS-SP3
openEuler-22.03-LTS-SP4
openEuler-24.03-LTS
openEuler-24.03-LTS-SP1
openEuler-24.03-LTS-SP2

修复是否涉及abi变化(是/否):
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS-SP3
openEuler-22.03-LTS-SP4
openEuler-24.03-LTS
openEuler-24.03-LTS-SP1
openEuler-24.03-LTS-SP2

src-openEuler/coreutils
关闭

内容风险标识

评论 (3)

src-openEuler/coreutils关闭 .gitee-modal { width: 500px !important; }

内容风险标识