Tim Waugh wrote:
> With patch-2.6.1, a particular input file gives an assertion failure:
>
> $ src/patch -i Makefile.in.diff
> patch: src/pch.c:1279: another_hunk: Assertion `p_prefix_context != -1
> && p_suffix_context != -1' failed.
> Aborted (core dumped)
>
> Input file attached.
>
> Original bug report:
> https://bugzilla.redhat.com/show_bug.cgi?id=738959
Hi Tim, Thanks for forwarding that. Here's a proposed patch: >From dbcd5ea048f26caa3f6aa08ca883aedae58d88f0 Mon Sep 17 00:00:00 2001 From: Jim Meyering <[email protected]> Date: Sat, 8 Oct 2011 23:16:07 +0200 Subject: [PATCH] give a diagnostic rather than a failed assertion for a mangled patch * src/pch.c (another_hunk): Rather than asserting(C), issue the "replacement text or line numbers mangled ..." diagnostic when !C. * tests/mangled-numbers-abort: New test for the above. * tests/Makefile.am (TESTS): Add it. * NEWS: Mention it. Reported by Gabriel Vlasiu via Tim Waugh. See also http://bugzilla.redhat.com/738959 --- NEWS | 1 + src/pch.c | 4 +++- tests/Makefile.am | 1 + tests/mangled-numbers-abort | 42 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+), 1 deletions(-) create mode 100644 tests/mangled-numbers-abort diff --git a/NEWS b/NEWS index fa2c518..0e2b574 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,4 @@ +* Patch no longer gets a failed assertion for certain mangled patches. * Patch now ignores destination file names that are absolute or that contain a component of "..". This addresses CVE-2010-4651, * Support for most features of the "diff --git" format: renames and copies, diff --git a/src/pch.c b/src/pch.c index d07c1aa..6909850 100644 --- a/src/pch.c +++ b/src/pch.c @@ -1513,7 +1513,9 @@ another_hunk (enum diff difftype, bool rev) p_suffix_context = ((ptrn_suffix_context != -1 && ptrn_suffix_context < context) ? ptrn_suffix_context : context); - assert (p_prefix_context != -1 && p_suffix_context != -1); + if (p_prefix_context == -1 || p_suffix_context == -1) + fatal ("replacement text or line numbers mangled in hunk at line %s", + format_linenum (numbuf0, p_hunk_beg)); if (difftype == CONTEXT_DIFF && (fillcnt diff --git a/tests/Makefile.am b/tests/Makefile.am index de8862c..f29d68e 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -36,6 +36,7 @@ TESTS = \ inname \ line-numbers \ merge \ + mangled-numbers-abort \ munged-context-format \ need-filename \ no-newline-triggers-assert \ diff --git a/tests/mangled-numbers-abort b/tests/mangled-numbers-abort new file mode 100644 index 0000000..1e1cde9 --- /dev/null +++ b/tests/mangled-numbers-abort @@ -0,0 +1,42 @@ +# Copyright (C) 2011 Free Software Foundation, Inc. +# +# Copying and distribution of this file, with or without modification, +# in any medium, are permitted without royalty provided the copyright +# notice and this notice are preserved. + +. $srcdir/test-lib.sh + +require_cat +use_local_patch +use_tmpdir + +# ============================================================== +# Regression test for a failed assertion. +# Based on a report from Gabriel Vlasiu via Tim Waugh +# in http://bugzilla.redhat.com/738959 + +seq 1 7 > a + +cat > bogus.diff <<EOF +*** p +--- p +*************** +*** 405,409 **** +--- 405,407 ---- + a + b + c ++ d + x + y + z +EOF + +# Before v2.6.1-148, this would trigger the failed assertion: +# pch.c:1516: another_hunk: Assertion `p_prefix_context != -1 \ +# && p_suffix_context != -1' failed. + +check 'patch a < bogus.diff; echo "Status: $?"' <<EOF +$PATCH: **** replacement text or line numbers mangled in hunk at line 4 +Status: 2 +EOF -- 1.7.7.rc0.362.g5a14
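Review bot: In the src/pch.c hunk, the new `if (p_prefix_context == -1 || p_suffix_context == -1)` check carries no comment explaining that a value of -1 here comes from the patch input itself rather than from a programming error. A one-line comment above the `if` saying so would keep a later cleanup from turning it back into an `assert`, which is compiled out under NDEBUG and would then let the code continue with -1 context values on such input.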
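Review bot: In the tests/Makefile.am hunk, `mangled-numbers-abort` is added after `merge`, but the surrounding TESTS entries (inname, line-numbers, merge, munged-context-format, need-filename) are in alphabetical order, and "mangled" sorts before "merge". Moving the new line up one, between `line-numbers` and `merge`, keeps the list sorted.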
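Review bot: In tests/mangled-numbers-abort, `seq 1 7 > a` depends on seq, which POSIX does not specify, while the only tool requirement declared at the top of the script is `require_cat`. Generating the file with `printf '%s\n' 1 2 3 4 5 6 7 > a` would avoid a spurious failure on systems without seq. The test name also still says "abort" although the expected result is now the diagnostic and "Status: 2"; a brief comment noting that the name refers to the old behaviour would help.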
