[Bf-blender-cvs] [3f80265] blender-v2.72-release: Fix T41974: blender ships vulnerable minilzo version

Kévin Dietrich Fri, 03 Oct 2014 06:24:56 -0700

Commit: 3f802657a24a8abb994a1717a1b26d65e53c760e
Author: Kévin Dietrich
Date:   Sun Sep 28 01:05:36 2014 +0600
Branches: blender-v2.72-release
https://developer.blender.org/rB3f802657a24a8abb994a1717a1b26d65e53c760e


Fix T41974: blender ships vulnerable minilzo version

Update lzo library due to security issue

Update lzo to latest version. This fixes a security issue (reported in T41974)

This also fixes some (false-positive) valgrind warnings.

Reviewers: sergey

Differential Revision: https://developer.blender.org/D803

===================================================================

M       extern/lzo/minilzo/README.LZO
M       extern/lzo/minilzo/lzoconf.h
M       extern/lzo/minilzo/lzodefs.h
M       extern/lzo/minilzo/minilzo.c
M       extern/lzo/minilzo/minilzo.h
M       source/blender/blenkernel/intern/pointcache.c

===================================================================

diff --git a/extern/lzo/minilzo/README.LZO b/extern/lzo/minilzo/README.LZO
index 058eace..83e10e3 100644
--- a/extern/lzo/minilzo/README.LZO
+++ b/extern/lzo/minilzo/README.LZO
@@ -6,8 +6,8 @@
  Author  : Markus Franz Xaver Johannes Oberhumer
            <[email protected]>
            http://www.oberhumer.com/opensource/lzo/
- Version : 2.06
- Date    : 12 Aug 2011
+ Version : 2.08
+ Date    : 29 Jun 2014
 
  I've created miniLZO for projects where it is inconvenient to
  include (or require) the full LZO source code just because you
@@ -110,9 +110,8 @@
 
  Appendix D: Copyright
  ---------------------
- LZO and miniLZO are Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001,
- 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
- Markus Franz Xaver Oberhumer <[email protected]>.
+ LZO and miniLZO are Copyright (C) 1996-2014 Markus Franz Xaver Oberhumer
+ All Rights Reserved.
 
  LZO and miniLZO are distributed under the terms of the GNU General
  Public License (GPL).  See the file COPYING.
diff --git a/extern/lzo/minilzo/lzoconf.h b/extern/lzo/minilzo/lzoconf.h
index 23c6ca9..61be29c 100644
--- a/extern/lzo/minilzo/lzoconf.h
+++ b/extern/lzo/minilzo/lzoconf.h
@@ -2,22 +2,7 @@
 
    This file is part of the LZO real-time data compression library.
 
-   Copyright (C) 2011 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2010 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2009 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2008 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2007 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2006 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2005 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2004 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2003 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2002 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2001 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 2000 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer
-   Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer
+   Copyright (C) 1996-2014 Markus Franz Xaver Johannes Oberhumer
    All Rights Reserved.
 
    The LZO library is free software; you can redistribute it and/or
@@ -44,9 +29,9 @@
 #ifndef __LZOCONF_H_INCLUDED
 #define __LZOCONF_H_INCLUDED 1
 
-#define LZO_VERSION             0x2060
-#define LZO_VERSION_STRING      "2.06"
-#define LZO_VERSION_DATE        "Aug 12 2011"
+#define LZO_VERSION             0x2080
+#define LZO_VERSION_STRING      "2.08"
+#define LZO_VERSION_DATE        "Jun 29 2014"
 
 /* internal Autoconf configuration file - only used when building LZO */
 #if defined(LZO_HAVE_CONFIG_H)
@@ -63,7 +48,7 @@
 #if !defined(CHAR_BIT) || (CHAR_BIT != 8)
 #  error "invalid CHAR_BIT"
 #endif
-#if !defined(UCHAR_MAX) || !defined(UINT_MAX) || !defined(ULONG_MAX)
+#if !defined(UCHAR_MAX) || !defined(USHRT_MAX) || !defined(UINT_MAX) || 
!defined(ULONG_MAX)
 #  error "check your compiler installation"
 #endif
 #if (USHRT_MAX < 1) || (UINT_MAX < 1) || (ULONG_MAX < 1)
@@ -85,14 +70,6 @@ extern "C" {
 // some core defines
 ************************************************************************/
 
-#if !defined(LZO_UINT32_C)
-#  if (UINT_MAX < LZO_0xffffffffL)
-#    define LZO_UINT32_C(c)     c ## UL
-#  else
-#    define LZO_UINT32_C(c)     ((c) + 0U)
-#  endif
-#endif
-
 /* memory checkers */
 #if !defined(__LZO_CHECKER)
 #  if defined(__BOUNDS_CHECKING_ON)
@@ -111,28 +88,31 @@ extern "C" {
 // integral and pointer types
 ************************************************************************/
 
-/* lzo_uint should match size_t */
+/* lzo_uint must match size_t */
 #if !defined(LZO_UINT_MAX)
-#  if defined(LZO_ABI_LLP64) /* WIN64 */
-#    if defined(LZO_OS_WIN64)
+#  if (LZO_ABI_LLP64)
+#    if (LZO_OS_WIN64)
      typedef unsigned __int64   lzo_uint;
      typedef __int64            lzo_int;
 #    else
-     typedef unsigned long long lzo_uint;
-     typedef long long          lzo_int;
+     typedef lzo_ullong_t       lzo_uint;
+     typedef lzo_llong_t        lzo_int;
 #    endif
+#    define LZO_SIZEOF_LZO_UINT 8
 #    define LZO_UINT_MAX        0xffffffffffffffffull
 #    define LZO_INT_MAX         9223372036854775807LL
 #    define LZO_INT_MIN         (-1LL - LZO_INT_MAX)
-#  elif defined(LZO_ABI_IP32L64) /* MIPS R5900 */
+#  elif (LZO_ABI_IP32L64) /* MIPS R5900 */
      typedef unsigned int       lzo_uint;
      typedef int                lzo_int;
+#    define LZO_SIZEOF_LZO_UINT LZO_SIZEOF_INT
 #    define LZO_UINT_MAX        UINT_MAX
 #    define LZO_INT_MAX         INT_MAX
 #    define LZO_INT_MIN         INT_MIN
 #  elif (ULONG_MAX >= LZO_0xffffffffL)
      typedef unsigned long      lzo_uint;
      typedef long               lzo_int;
+#    define LZO_SIZEOF_LZO_UINT LZO_SIZEOF_LONG
 #    define LZO_UINT_MAX        ULONG_MAX
 #    define LZO_INT_MAX         LONG_MAX
 #    define LZO_INT_MIN         LONG_MIN
@@ -141,63 +121,22 @@ extern "C" {
 #  endif
 #endif
 
-/* Integral types with 32 bits or more. */
-#if !defined(LZO_UINT32_MAX)
-#  if (UINT_MAX >= LZO_0xffffffffL)
-     typedef unsigned int       lzo_uint32;
-     typedef int                lzo_int32;
-#    define LZO_UINT32_MAX      UINT_MAX
-#    define LZO_INT32_MAX       INT_MAX
-#    define LZO_INT32_MIN       INT_MIN
-#  elif (ULONG_MAX >= LZO_0xffffffffL)
-     typedef unsigned long      lzo_uint32;
-     typedef long               lzo_int32;
-#    define LZO_UINT32_MAX      ULONG_MAX
-#    define LZO_INT32_MAX       LONG_MAX
-#    define LZO_INT32_MIN       LONG_MIN
-#  else
-#    error "lzo_uint32"
-#  endif
-#endif
-
-/* Integral types with exactly 64 bits. */
-#if !defined(LZO_UINT64_MAX)
-#  if (LZO_UINT_MAX >= LZO_0xffffffffL)
-#   if ((((LZO_UINT_MAX) >> 31) >> 31) == 3)
-#    define lzo_uint64          lzo_uint
-#    define lzo_int64           lzo_int
-#    define LZO_UINT64_MAX      LZO_UINT_MAX
-#    define LZO_INT64_MAX       LZO_INT_MAX
-#    define LZO_INT64_MIN       LZO_INT_MIN
-#   endif
-#  elif (ULONG_MAX >= LZO_0xffffffffL)
-#   if ((((ULONG_MAX) >> 31) >> 31) == 3)
-     typedef unsigned long      lzo_uint64;
-     typedef long               lzo_int64;
-#    define LZO_UINT64_MAX      ULONG_MAX
-#    define LZO_INT64_MAX       LONG_MAX
-#    define LZO_INT64_MIN       LONG_MIN
-#   endif
-#  endif
-#endif
-
-/* The larger type of lzo_uint and lzo_uint32. */
-#if (LZO_UINT_MAX >= LZO_UINT32_MAX)
+/* The larger type of lzo_uint and lzo_uint32_t. */
+#if (LZO_SIZEOF_LZO_UINT >= 4)
 #  define lzo_xint              lzo_uint
 #else
-#  define lzo_xint              lzo_uint32
+#  define lzo_xint              lzo_uint32_t
 #endif
 
-/* Memory model that allows to access memory at offsets of lzo_uint. */
-#if !defined(__LZO_MMODEL)
-#  if (LZO_UINT_MAX <= UINT_MAX)
-#    define __LZO_MMODEL        /*empty*/
-#  elif defined(LZO_HAVE_MM_HUGE_PTR)
-#    define __LZO_MMODEL_HUGE   1
-#    define __LZO_MMODEL        __huge
-#  else
-#    define __LZO_MMODEL        /*empty*/
-#  endif
+typedef int lzo_bool;
+
+/* sanity checks */
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == LZO_SIZEOF_LZO_UINT)
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_xint) >= sizeof(lzo_uint))
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_xint) >= sizeof(lzo_uint32_t))
+
+#ifndef __LZO_MMODEL
+#define __LZO_MMODEL            /*empty*/
 #endif
 
 /* no typedef here because of const-pointer issues */
@@ -206,21 +145,52 @@ extern "C" {
 #define lzo_voidp               void __LZO_MMODEL *
 #define lzo_shortp              short __LZO_MMODEL *
 #define lzo_ushortp             unsigned short __LZO_MMODEL *
-#define lzo_uint32p             lzo_uint32 __LZO_MMODEL *
-#define lzo_int32p              lzo_int32 __LZO_MMODEL *
-#if defined(LZO_UINT64_MAX)
-#define lzo_uint64p             lzo_uint64 __LZO_MMODEL *
-#define lzo_int64p              lzo_int64 __LZO_MMODEL *
-#endif
-#define lzo_uintp               lzo_uint __LZO_MMODEL *
 #define lzo_intp                lzo_int __LZO_MMODEL *
+#define lzo_uintp               lzo_uint __LZO_MMODEL *
 #define lzo_xintp               lzo_xint __LZO_MMODEL *
 #define lzo_voidpp              lzo_voidp __LZO_MMODEL *
 #define lzo_bytepp              lzo_bytep __LZO_MMODEL *
-/* deprecated - use 'lzo_bytep' instead of 'lzo_byte *' */
-#define lzo_byte                unsigned char __LZO_MMODEL
 
-typedef int lzo_bool;
+#define lzo_int8_tp             lzo_int8_t __LZO_MMODEL *
+#define lzo_uint8_tp            lzo_uint8_t __LZO_MMODEL *
+#define lzo_int16_tp            lzo_int16_t __LZO_MMODEL *
+#define lzo_uint16_tp           lzo_uint16_t __LZO_MMODEL *
+#define lzo_int32_tp            lzo_int32_t __LZO_MMODEL *
+#define lzo_uint32_tp           lzo_uint32_t __LZO_MMODEL *
+#if defined(lzo_int64_t)
+#define lzo_int64_tp            lzo_int64_t __LZO_MMODEL *
+#define lzo_uint64_tp           lzo_uint64_t __LZO_MMODEL *
+#endif
+
+/* Older LZO versions used to support ancient systems and memory models
+ * like 16-bit MSDOS with __huge pointers and Cray PVP, but these
+ * obsolete configurations are not supported any longer.
+ */
+#if defined(__LZO_MMODEL_HUGE)
+#error "__LZO_MMODEL_HUGE is unsupported"
+#endif
+#if (LZO_MM_PVP)
+#error "LZO_MM_PVP is unsupported"
+#endif
+#if (LZO_SIZEOF_INT < 4)
+#error "LZO_SIZEOF_INT < 4 is unsupported"
+#endif
+#if (__LZO_UINTPTR_T_IS_POINTER)
+#error "__LZO_UINTPTR_T_IS_POINTER is unsupported"
+#endif
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(int) >= 4)
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) >= 4)
+/* Strange configurations where sizeof(lzo_uint) != sizeof(size_t) should
+ * work but have not received much testing lately, so be strict here.
+ */
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(size_t))
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(ptrdiff_t))
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(lzo_uint) == sizeof(lzo_uintptr_t))
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(void *)   == sizeof(lzo_uintptr_t))
+LZO_COMPILE_TIME_ASSERT_HEADER(sizeof(char *)   == sizeof(lzo_uintptr_t))
+LZO_COMPILE_

@@ Diff output truncated at 10240 characters. @@

_______________________________________________
Bf-blender-cvs mailing list
[email protected]
http://lists.blender.org/mailman/listinfo/bf-blender-cvs

[Bf-blender-cvs] [3f80265] blender-v2.72-release: Fix T41974: blender ships vulnerable minilzo version

Reply via email to