Hello community, here is the log from the commit of package transfig for openSUSE:Factory checked in at 2015-04-22 01:15:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/transfig (Old) and /work/SRC/openSUSE:Factory/.transfig.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transfig" Changes: -------- --- /work/SRC/openSUSE:Factory/transfig/transfig.changes 2013-12-11 16:24:21.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.transfig.new/transfig.changes 2015-04-22 01:15:40.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Apr 16 12:26:49 UTC 2015 - [email protected] + +- transfig-fix-afl.patch: fixed crashes due to uninitialized memory, + found by afl. + +------------------------------------------------------------------- New: ---- transfig-fix-afl.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ transfig.spec ++++++ --- /var/tmp/diff_new_pack.wNDSi8/_old 2015-04-22 01:15:41.000000000 +0200 +++ /var/tmp/diff_new_pack.wNDSi8/_new 2015-04-22 01:15:41.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package transfig # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -52,6 +52,7 @@ Patch0: transfig.3.2.5d.dif Patch2: transfig.3.2.5-binderman.dif Patch3: transfig.3.2.5d-mediaboxrealnb.dif +Patch4: transfig-fix-afl.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)} %if "%_exec_prefix" == "/usr/X11R6" @@ -92,6 +93,7 @@ %patch0 -p0 -b .0 %patch2 -p0 -b .bm %patch3 -p0 -b .mbox +%patch4 -p1 xmkmf -a -D_DATA='%{_data}' %build ++++++ transfig-fix-afl.patch ++++++ Index: transfig.3.2.5e/fig2dev/read1_3.c =================================================================== --- transfig.3.2.5e.orig/fig2dev/read1_3.c +++ transfig.3.2.5e/fig2dev/read1_3.c @@ -336,6 +336,7 @@ FILE *fp; l->back_arrow = NULL; l->next = NULL; l->points = Point_malloc(p); + l->points->next = NULL; n = fscanf(fp, " %d %d %d %lf %d %d %d %d %d %d", &t, &l->style, &l->thickness, &l->style_val, &f, &b, &h, &w, &p->x, &p->y); @@ -395,6 +396,7 @@ FILE *fp; s->controls = NULL; s->next = NULL; s->points = Point_malloc(p); + s->points->next = NULL; n = fscanf(fp, " %d %d %d %lf %d %d %d %d %d %d", &t, &s->style, &s->thickness, &s->style_val, &f, &b, Index: transfig.3.2.5e/fig2dev/alloc.h =================================================================== --- transfig.3.2.5e.orig/fig2dev/alloc.h +++ transfig.3.2.5e/fig2dev/alloc.h @@ -13,15 +13,15 @@ * notice remain intact. */ -#define Line_malloc(z) z = (F_line*)malloc(LINOBJ_SIZE) -#define Pic_malloc(z) z = (F_pic*)malloc(PIC_SIZE) -#define Spline_malloc(z) z = (F_spline*)malloc(SPLOBJ_SIZE) -#define Ellipse_malloc(z) z = (F_ellipse*)malloc(ELLOBJ_SIZE) -#define Arc_malloc(z) z = (F_arc*)malloc(ARCOBJ_SIZE) -#define Compound_malloc(z) z = (F_compound*)malloc(COMOBJ_SIZE) -#define Text_malloc(z) z = (F_text*)malloc(TEXOBJ_SIZE) -#define Point_malloc(z) z = (F_point*)malloc(POINT_SIZE) -#define Control_malloc(z) z = (F_control*)malloc(CONTROL_SIZE) -#define Arrow_malloc(z) z = (F_arrow*)malloc(ARROW_SIZE) +#define Line_malloc(z) z = (F_line*)calloc(LINOBJ_SIZE,1) +#define Pic_malloc(z) z = (F_pic*)calloc(PIC_SIZE,1) +#define Spline_malloc(z) z = (F_spline*)calloc(SPLOBJ_SIZE,1) +#define Ellipse_malloc(z) z = (F_ellipse*)calloc(ELLOBJ_SIZE,1) +#define Arc_malloc(z) z = (F_arc*)calloc(ARCOBJ_SIZE,1) +#define Compound_malloc(z) z = (F_compound*)calloc(COMOBJ_SIZE,1) +#define Text_malloc(z) z = (F_text*)calloc(TEXOBJ_SIZE,1) +#define Point_malloc(z) z = (F_point*)calloc(POINT_SIZE,1) +#define Control_malloc(z) z = (F_control*)calloc(CONTROL_SIZE,1) +#define Arrow_malloc(z) z = (F_arrow*)calloc(ARROW_SIZE,1) extern char Err_mem[];
