Add yet another fix against a segfault that ChrisWhite found.

(Portage version: 2.1_rc1-r2)
author: Robin H. Johnson <robbat2@gentoo.org> 2006-05-22 06:37:06 +0000
committer: Robin H. Johnson <robbat2@gentoo.org> 2006-05-22 06:37:06 +0000
commit: cd0d86c89d2504a5eff86788b36f02d38e1a98ec (patch)
tree: a7fba3fe413956ab2b0768af8efd427ab736630f /dev-util/rats/files
parent: version bump for gdal ruby bindings (diff)
download: gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.tar.gz
gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.tar.bz2
gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.zip
2 files changed, 131 insertions, 0 deletions
diff --git a/dev-util/rats/files/digest-rats-2.1-r2 b/dev-util/rats/files/digest-rats-2.1-r2
new file mode 100644
index 000000000000..cf460df77785
--- /dev/null
+++ b/dev-util/rats/files/digest-rats-2.1-r2
@@ -0,0 +1,3 @@
+MD5 adf31806f1eff0c353abcfd57653ecb3 rats-2.1.tar.gz 326930
+RMD160 6385ff617bf629b03eff64f5563963c905341f22 rats-2.1.tar.gz 326930
+SHA256 ec9fac2765b655c03cede8c5920de3226581f1e626be314bce95f4d0ac9aadd9 rats-2.1.tar.gz 326930
diff --git a/dev-util/rats/files/rats-2.1-fix-null-pointers.patch b/dev-util/rats/files/rats-2.1-fix-null-pointers.patch
new file mode 100644
index 000000000000..0d4c701f0bfc
--- /dev/null
+++ b/dev-util/rats/files/rats-2.1-fix-null-pointers.patch
@@ -0,0 +1,128 @@
+diff -Nuar rats-2.1.orig/report.c rats-2.1/report.c
+--- rats-2.1.orig/report.c	2002-09-16 21:05:43.000000000 -0700
++++ rats-2.1/report.c	2006-05-21 23:16:16.323046789 -0700
+@@ -122,9 +122,15 @@
+   return result;
+ }
+        
+-   
+-
+-  
++/* Exclusively for debugging vulnerabilities.
++ * - robbat2@gentoo.org 21/05/2006 */
++static void debug_vuln_dump(vulnerability_t *ptr) {
++	fprintf(stderr,"vuln_dump: this=%x f=%s l=%d c=%d d=%x t=%d s=%d u=%x p=(%x,%x)\n",				
++			ptr,
++			ptr->filename,ptr->lineno,ptr->column,
++			ptr->data,ptr->type,ptr->severity,
++			ptr->uses,ptr->next,ptr->prev);
++}
+   
+ static void
+ replace_cfname(char *filename)
+@@ -317,6 +323,27 @@
+     insert_vulnerability(log);
+ }
+ 
++/* These are special static vulnerabilities because we don't
++ * want NULL data elements in the vulnerability_t->data
++ * field, because the HTML and XML output formats use that
++ * pointer without checking it for being null first.
++ * - robbat2@gentoo.org 21/05/2006 */
++static struct Vuln_t vuln_PerlBacktick = {
++	.Name = "Perl Backtick"
++};
++static struct Vuln_t vuln_PhpBacktick = {
++	.Name = "PHP Backtick"
++};
++static struct Vuln_t vuln_PythonBacktick = {
++	.Name = "Python Backtick"
++};
++static struct Vuln_t vuln_StaticLocalBuffer = {
++	.Name = "Static Local Buffer"
++};
++static struct Vuln_t vuln_StaticGlobalBuffer = {
++	.Name = "Static Global Buffer"
++};
++
+ void log_perlbacktick(int lineno, int column, Severity_t severity)
+ {
+     vulnerability_t *   log;
+@@ -325,7 +352,7 @@
+     log->filename = current_file;
+     log->column   = column;
+     log->lineno   = lineno;
+-    log->data     = (Vuln_t *)NULL;
++    log->data     = &vuln_PerlBacktick;
+     log->type     = PerlBacktick;
+     log->severity = severity;
+     log->uses     = (toctou_use_t *)NULL;
+@@ -342,7 +369,7 @@
+     log->filename = current_file;
+     log->column   = column;
+     log->lineno   = lineno;
+-    log->data     = (Vuln_t *)NULL;
++    log->data     = &vuln_PhpBacktick;
+     log->type     = PhpBacktick;
+     log->severity = severity;
+     log->uses     = (toctou_use_t *)NULL;
+@@ -358,7 +385,7 @@
+     log->filename = current_file;
+     log->column   = column;
+     log->lineno   = lineno;
+-    log->data     = (Vuln_t *)NULL;
++    log->data     = &vuln_PythonBacktick;
+     log->type     = PythonBacktick;
+     log->severity = severity;
+     log->uses     = (toctou_use_t *)NULL;
+@@ -374,7 +401,16 @@
+     log->filename = current_file;
+     log->column   = column;
+     log->lineno   = lineno;
+-    log->data     = (Vuln_t *)NULL;
++	switch(type) {
++		case StaticLocalBuffer: 
++			log->data     = &vuln_StaticLocalBuffer; 
++			break;
++		case StaticGlobalBuffer: 
++			log->data     = &vuln_StaticGlobalBuffer; 
++			break;
++		default:
++			log->data     = (Vuln_t *)NULL;
++	}
+     log->type     = type;
+     log->severity = severity;
+     log->uses     = (toctou_use_t *)NULL;
+@@ -432,6 +468,10 @@
+ static void build_xml_vulnerability(vulnerability_t *ptr) {
+     int i;
+     
++	/* Debugging - robbat2@gentoo.org 21/05/2006 */
++	if(ptr->data == NULL) 
++		debug_vuln_dump(ptr);
++    
+     printf("<vulnerability>\n");
+ 
+     /* Output the severity */
+@@ -593,6 +633,8 @@
+ void report_vulnerability(vulnerability_t *ptr)
+ {
+     int i;
++	if(ptr->data == NULL)
++		debug_vuln_dump(ptr);
+ 
+     switch (ptr->type)
+     {
+@@ -890,8 +932,10 @@
+      
+ static void build_html_vulnerability(vulnerability_t *ptr) {
+     int i;
+-    
+-
++ 
++	/* Debugging - robbat2@gentoo.org 21/05/2006 */
++	if(ptr->data == NULL) 
++		debug_vuln_dump(ptr);
+     
+     /* Output the severity */
+     printf("  <b>Severity: %s</b><br/>\n",
author	Robin H. Johnson <robbat2@gentoo.org>	2006-05-22 06:37:06 +0000
committer	Robin H. Johnson <robbat2@gentoo.org>	2006-05-22 06:37:06 +0000
commit	cd0d86c89d2504a5eff86788b36f02d38e1a98ec (patch)
tree	a7fba3fe413956ab2b0768af8efd427ab736630f /dev-util/rats/files
parent	version bump for gdal ruby bindings (diff)
download	gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.tar.gz gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.tar.bz2 gentoo-2-cd0d86c89d2504a5eff86788b36f02d38e1a98ec.zip