* [PR PATCH] musl: import upstream patch to fix oob read in time zone data
@ 2024-01-04 14:53 Johnnynator
  2024-01-06 23:30 ` [PR PATCH] [Merged]: " Johnnynator
  0 siblings, 1 reply; 2+ messages in thread
From: Johnnynator @ 2024-01-04 14:53 UTC (permalink / raw)
  To: ml


There is a new pull request by Johnnynator against master on the void-packages repository

https://github.com/Johnnynator/void-packages telegram-musl
https://github.com/void-linux/void-packages/pull/48063

musl: import upstream patch to fix oob read in time zone data
potential fix for #48056


A patch file from https://github.com/void-linux/void-packages/pull/48063.patch is attached

[-- Attachment #2: github-pr-telegram-musl-48063.patch --]
[-- Type: text/x-diff, Size: 4318 bytes --]

From 201192e389a6527bdf4f3bf602edda0a5804806d Mon Sep 17 00:00:00 2001
From: John <me@johnnynator.dev>
Date: Thu, 4 Jan 2024 15:43:34 +0100
Subject: [PATCH] musl: import upstream patch to fix oob read in time zone data

potential fix for #48056
---
 ...x-oob-read-processing-time-zone-data.patch | 80 +++++++++++++++++++
 srcpkgs/musl/template                         |  2 +-
 2 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/musl/patches/fix-oob-read-processing-time-zone-data.patch

diff --git a/srcpkgs/musl/patches/fix-oob-read-processing-time-zone-data.patch b/srcpkgs/musl/patches/fix-oob-read-processing-time-zone-data.patch
new file mode 100644
index 0000000000000..557cbd7446d9b
--- /dev/null
+++ b/srcpkgs/musl/patches/fix-oob-read-processing-time-zone-data.patch
@@ -0,0 +1,80 @@
+From 3b7b4155570b4b9054465785be2992c92cb7d7b1 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 9 Feb 2022 17:48:43 -0500
+Subject: fix out-of-bound read processing time zone data with distant-past
+ dates
+
+this bug goes back to commit 1cc81f5cb0df2b66a795ff0c26d7bbc4d16e13c6
+where zoneinfo file support was first added. in scan_trans, which
+searches for the appropriate local time/dst rule in effect at a given
+time, times prior to the second transition time caused the -1 slot of
+the index to be read to determine the previous rule in effect. this
+memory was always valid (part of another zoneinfo table in the mapped
+file) but the byte value read was then used to index another table,
+possibly going outside the bounds of the mmap. most of the time, the
+result was limited to misinterpretation of the rule in effect at that
+time (pre-1900s), but it could produce a crash if adjacent memory was
+not readable.
+
+the root cause of the problem, however, was that the logic for this
+code path was all wrong. as documented in the comment, times before
+the first transition should be treated as using the lowest-numbered
+non-dst rule, or rule 0 if no non-dst rules exist. if the argument is
+in units of local time, however, the rule prior to the first
+transition is needed to determine if it falls before or after it, and
+that's where the -1 index was wrongly used.
+
+instead, use the documented logic to find out what rule would be in
+effect before the first transition, and apply it as the offset if the
+argument was given in local time.
+
+the new code has not been heavily tested, but no longer performs
+potentially out-of-bounds accesses, and successfully handles the 1883
+transition from local mean time to central standard time in the test
+case the error was reported for.
+---
+ src/time/__tz.c | 26 ++++++++++++--------------
+ 1 file changed, 12 insertions(+), 14 deletions(-)
+
+diff --git a/src/time/__tz.c b/src/time/__tz.c
+index 3e2fcdcb..c34b3eb7 100644
+--- a/src/time/__tz.c
++++ b/src/time/__tz.c
+@@ -293,22 +293,20 @@ static size_t scan_trans(long long t, int local, size_t *alt)
+ 	n = (index-trans)>>scale;
+ 	if (a == n-1) return -1;
+ 	if (a == 0) {
+-		x = zi_read32(trans + (a<<scale));
+-		if (scale == 3) x = x<<32 | zi_read32(trans + (a<<scale) + 4);
++		x = zi_read32(trans);
++		if (scale == 3) x = x<<32 | zi_read32(trans + 4);
+ 		else x = (int32_t)x;
+-		if (local) off = (int32_t)zi_read32(types + 6 * index[a-1]);
++		/* Find the lowest non-DST type, or 0 if none. */
++		size_t j = 0;
++		for (size_t i=abbrevs-types; i; i-=6) {
++			if (!types[i-6+4]) j = i-6;
++		}
++		if (local) off = (int32_t)zi_read32(types + j);
++		/* If t is before first transition, use the above-found type
++		 * and the index-zero (after transition) type as the alt. */
+ 		if (t - off < (int64_t)x) {
+-			for (a=0; a<(abbrevs-types)/6; a++) {
+-				if (types[6*a+4] != types[4]) break;
+-			}
+-			if (a == (abbrevs-types)/6) a = 0;
+-			if (types[6*a+4]) {
+-				*alt = a;
+-				return 0;
+-			} else {
+-				*alt = 0;
+-				return a;
+-			}
++			if (alt) *alt = index[0];
++			return j/6;
+ 		}
+ 	}
+ 
+-- 
+cgit v1.2.1
+
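Review bot: the new loop in scan_trans, `for (size_t i=abbrevs-types; i; i-=6)`, only terminates if abbrevs-types is an exact multiple of 6; for any other value the unsigned i steps past zero and wraps, and `types[i-6+4]` is then read outside the table, which is the kind of access this patch is meant to remove. Please confirm that the 1.1.24 source places abbrevs a whole number of 6-byte type records past types (the removed code's `(abbrevs-types)/6` bound suggests that layout), or state it in the commit message. Two smaller points in the same block: `if (alt) *alt = index[0];` now guards a NULL alt where the removed branch wrote `*alt` unconditionally, and the upstream message itself says the new code has not been heavily tested, so a run of the reproducer from #48056 against the rebuilt package would be worth recording in the PR.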
diff --git a/srcpkgs/musl/template b/srcpkgs/musl/template
index 6c98fac0962e9..9838f9ad9e613 100644
--- a/srcpkgs/musl/template
+++ b/srcpkgs/musl/template
@@ -2,7 +2,7 @@
 pkgname=musl
 reverts="1.2.0_1"
 version=1.1.24
-revision=18
+revision=19
 archs="*-musl"
 bootstrap=yes
 build_style=gnu-configure
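Review bot: version=1.1.24 is unchanged here, while the imported patch is dated 2022 and carries upstream's `@@ -293,22 +293,20 @@` offsets and index 3e2fcdcb..c34b3eb7, so it may have been written against a different tree than the one being built. Please confirm that it applies to 1.1.24 without fuzz or offset, and name upstream commit 3b7b4155570b4b9054465785be2992c92cb7d7b1 in the commit message so the patch can be dropped once the packaged version includes it. The revision bump from 18 to 19 is otherwise what a patch-only change needs.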


* Re: [PR PATCH] [Merged]: musl: import upstream patch to fix oob read in time zone data
  2024-01-04 14:53 [PR PATCH] musl: import upstream patch to fix oob read in time zone data Johnnynator
@ 2024-01-06 23:30 ` Johnnynator
  0 siblings, 0 replies; 2+ messages in thread
From: Johnnynator @ 2024-01-06 23:30 UTC (permalink / raw)
  To: ml


There's a merged pull request on the void-packages repository

musl: import upstream patch to fix oob read in time zone data
https://github.com/void-linux/void-packages/pull/48063

Description:
potential fix for #48056


