gentoo auto-resync : 11:04:2023 - 05:38:21

1 files changed, 24 insertions, 0 deletions

diff --git a/app-editors/pluma/files/pluma-1.26.0-fortify-source-3.patch b/app-editors/pluma/files/pluma-1.26.0-fortify-source-3.patch
new file mode 100644
index 000000000000..001d88081ce6
--- /dev/null
+++ b/app-editors/pluma/files/pluma-1.26.0-fortify-source-3.patch
@@ -0,0 +1,24 @@
+https://bugs.gentoo.org/903860
+https://github.com/mate-desktop/pluma/issues/664
+https://github.com/mate-desktop/pluma/pull/665
+https://github.com/mate-desktop/pluma/commit/8ca37beb259f7a62fef2005e888248ec880e44cd
+
+From 8ca37beb259f7a62fef2005e888248ec880e44cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bal=C3=A1zs=20Dura-Kov=C3=A1cs?= <balping314@gmail.com>
+Date: Thu, 18 Aug 2022 17:44:41 +0200
+Subject: [PATCH] Fix out-of-bounds write
+
+Closes https://github.com/mate-desktop/pluma/issues/664
+
+The size of tempfont was one byte too short, so strcpy performed an out-of-bounds write of the terminating 0.
+--- a/pluma/pluma-window.c
++++ b/pluma/pluma-window.c
+@@ -318,7 +318,7 @@ pluma_window_key_press_event (GtkWidget   *widget,
+         g_strcanon (tempsize, "1234567890", '\0');
+         g_strreverse (tempsize);
+ 
+-        gchar tempfont [strlen (font)];
++        gchar tempfont [strlen (font) + 1];
+         strcpy (tempfont, font);
+         tempfont [strlen (font) - strlen (tempsize)] = 0;
+