summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pkgs/tools/text/gnugrep/cve-2015-1345.patch60
-rw-r--r--pkgs/tools/text/gnugrep/default.nix10
2 files changed, 5 insertions, 65 deletions
diff --git a/pkgs/tools/text/gnugrep/cve-2015-1345.patch b/pkgs/tools/text/gnugrep/cve-2015-1345.patch
deleted file mode 100644
index 7156f475e7e8..000000000000
--- a/pkgs/tools/text/gnugrep/cve-2015-1345.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
-From: Yuliy Pisetsky <ypisetsky@fb.com>
-Date: Thu, 01 Jan 2015 23:36:55 +0000
-Subject: grep -F: fix a heap buffer (read) overrun
-
-grep's read buffer is often filled to its full size, except when
-reading the final buffer of a file.  In that case, the number of
-bytes read may be far less than the size of the buffer.  However, for
-certain unusual pattern/text combinations, grep -F would mistakenly
-examine bytes in that uninitialized region of memory when searching
-for a match.  With carefully chosen inputs, one can cause grep -F to
-read beyond the end of that buffer altogether.  This problem arose via
-commit v2.18-90-g73893ff with the introduction of a more efficient
-heuristic using what is now the memchr_kwset function. The use of
-that function in bmexec_trans could leave TP much larger than EP,
-and the subsequent call to bm_delta2_search would mistakenly access
-beyond end of the main input read buffer.
-
-* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
-do not call bm_delta2_search.
-* tests/kwset-abuse: New file.
-* tests/Makefile.am (TESTS): Add it.
-* THANKS.in: Update.
-* NEWS (Bug fixes): Mention it.
-
-Prior to this patch, this command would trigger a UMR:
-
-  printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
-
-  Use of uninitialised value of size 8
-     at 0x4142BE: bmexec_trans (kwset.c:657)
-     by 0x4143CA: bmexec (kwset.c:678)
-     by 0x414973: kwsexec (kwset.c:848)
-     by 0x414DC4: Fexecute (kwsearch.c:128)
-     by 0x404E2E: grepbuf (grep.c:1238)
-     by 0x4054BF: grep (grep.c:1417)
-     by 0x405CEB: grepdesc (grep.c:1645)
-     by 0x405EC1: grep_command_line_arg (grep.c:1692)
-     by 0x4077D4: main (grep.c:2570)
-
-See the accompanying test for how to trigger the heap buffer overrun.
-
-Thanks to Nima Aghdaii for testing and finding numerous
-ways to break early iterations of this patch.
-
-Nix: @vcunat restricted this to the runtime code only to avoid needing autoreconfiguration.
----
-diff --git a/src/kwset.c b/src/kwset.c
-index 4003c8d..376f7c3 100644
---- a/src/kwset.c
-+++ b/src/kwset.c
-@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
-                     if (! tp)
-                       return -1;
-                     tp++;
-+                    if (ep <= tp)
-+                      break;
-                   }
-               }
-           }
diff --git a/pkgs/tools/text/gnugrep/default.nix b/pkgs/tools/text/gnugrep/default.nix
index d03db13ed420..e8352e318b9b 100644
--- a/pkgs/tools/text/gnugrep/default.nix
+++ b/pkgs/tools/text/gnugrep/default.nix
@@ -1,17 +1,17 @@
-{ stdenv, fetchurl, pcre, libiconv }:
+{ stdenv, fetchurl, pcre, libiconv, perl }:
 
-let version = "2.21"; in
+let version = "2.22"; in
 
 stdenv.mkDerivation {
   name = "gnugrep-${version}";
 
   src = fetchurl {
     url = "mirror://gnu/grep/grep-${version}.tar.xz";
-    sha256 = "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j";
+    sha256 = "1srn321x7whlhs5ks36zlcrrmj4iahll8fxwsh1vbz3v04px54fa";
   };
 
-  patches = [ ./cve-2015-1345.patch ];
-
+  # Perl is needed for testing
+  nativeBuildInputs = [ perl ];
   buildInputs = [ pcre libiconv ];
 
   # cygwin: FAIL: multibyte-white-space
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-15 20:30:03 +0000