From: "John Helmert III" <ajak@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-util/rizin/, dev-util/rizin/files/
Date: Tue, 14 Dec 2021 01:08:56 +0000 (UTC)	[thread overview]
Message-ID: <1639444106.166222145e93b3e5bf1e1978fff2d00553585e1a.ajak@gentoo> (raw)

commit:     166222145e93b3e5bf1e1978fff2d00553585e1a
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 14 01:07:07 2021 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Tue Dec 14 01:08:26 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16622214

dev-util/rizin: add patch for CVE-2021-43814

Bug: https://bugs.gentoo.org/829129
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 .../rizin/files/rizin-0.3.1-CVE-2021-43814.patch   |  90 ++++++++++++++++++
 dev-util/rizin/rizin-0.3.1-r2.ebuild               | 103 +++++++++++++++++++++
 2 files changed, 193 insertions(+)

diff --git a/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch b/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch
new file mode 100644
index 000000000000..f7c511b5a0cf
--- /dev/null
+++ b/dev-util/rizin/files/rizin-0.3.1-CVE-2021-43814.patch
@@ -0,0 +1,90 @@
+From aa6917772d2f32e5a7daab25a46c72df0b5ea406 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Florian=20M=C3=A4rkl?= <info@florianmaerkl.de>
+Date: Fri, 10 Dec 2021 15:43:12 +0100
+Subject: [PATCH] Fix oob write for dwarf with abbrev with count 0 (Fix #2083)
+ (#2086)
+
+---
+ librz/bin/dwarf.c         | 40 ++++++++++++++++++++++-----------------
+ test/db/formats/elf/crash |  8 ++++++++
+ 2 files changed, 31 insertions(+), 17 deletions(-)
+
+diff --git a/librz/bin/dwarf.c b/librz/bin/dwarf.c
+index 1ed1d3517c2..23dd1f9f0b1 100644
+--- a/librz/bin/dwarf.c
++++ b/librz/bin/dwarf.c
+@@ -1220,9 +1220,13 @@ static int init_die(RzBinDwarfDie *die, ut64 abbr_code, ut64 attr_count) {
+ 	if (!die) {
+ 		return -1;
+ 	}
+-	die->attr_values = calloc(sizeof(RzBinDwarfAttrValue), attr_count);
+-	if (!die->attr_values) {
+-		return -1;
++	if (attr_count) {
++		die->attr_values = calloc(sizeof(RzBinDwarfAttrValue), attr_count);
++		if (!die->attr_values) {
++			return -1;
++		}
++	} else {
++		die->attr_values = NULL;
+ 	}
+ 	die->abbrev_code = abbr_code;
+ 	die->capacity = attr_count;
+@@ -1726,25 +1730,27 @@ static const ut8 *parse_die(const ut8 *buf, const ut8 *buf_end, RzBinDwarfDebugI
+ 	size_t i;
+ 	const char *comp_dir = NULL;
+ 	ut64 line_info_offset = UT64_MAX;
+-	for (i = 0; i < abbrev->count - 1; i++) {
+-		memset(&die->attr_values[i], 0, sizeof(die->attr_values[i]));
++	if (abbrev->count) {
++		for (i = 0; i < abbrev->count - 1; i++) {
++			memset(&die->attr_values[i], 0, sizeof(die->attr_values[i]));
+ 
+-		buf = parse_attr_value(buf, buf_end - buf, &abbrev->defs[i],
+-			&die->attr_values[i], hdr, debug_str, debug_str_len, big_endian);
++			buf = parse_attr_value(buf, buf_end - buf, &abbrev->defs[i],
++				&die->attr_values[i], hdr, debug_str, debug_str_len, big_endian);
+ 
+-		RzBinDwarfAttrValue *attribute = &die->attr_values[i];
++			RzBinDwarfAttrValue *attribute = &die->attr_values[i];
+ 
+-		if (attribute->attr_name == DW_AT_comp_dir && (attribute->attr_form == DW_FORM_strp || attribute->attr_form == DW_FORM_string) && attribute->string.content) {
+-			comp_dir = attribute->string.content;
+-		}
+-		if (attribute->attr_name == DW_AT_stmt_list) {
+-			if (attribute->kind == DW_AT_KIND_CONSTANT) {
+-				line_info_offset = attribute->uconstant;
+-			} else if (attribute->kind == DW_AT_KIND_REFERENCE) {
+-				line_info_offset = attribute->reference;
++			if (attribute->attr_name == DW_AT_comp_dir && (attribute->attr_form == DW_FORM_strp || attribute->attr_form == DW_FORM_string) && attribute->string.content) {
++				comp_dir = attribute->string.content;
++			}
++			if (attribute->attr_name == DW_AT_stmt_list) {
++				if (attribute->kind == DW_AT_KIND_CONSTANT) {
++					line_info_offset = attribute->uconstant;
++				} else if (attribute->kind == DW_AT_KIND_REFERENCE) {
++					line_info_offset = attribute->reference;
++				}
+ 			}
++			die->count++;
+ 		}
+-		die->count++;
+ 	}
+ 
+ 	// If this is a compilation unit dir attribute, we want to cache it so the line info parsing
+diff --git a/test/db/formats/elf/crash b/test/db/formats/elf/crash
+index ea6c2c214bb..fb8a572bd56 100644
+--- a/test/db/formats/elf/crash
++++ b/test/db/formats/elf/crash
+@@ -25,3 +25,11 @@ nth vaddr bind type lib name
+ []
+ EOF
+ RUN
++
++NAME=ELF/Dwarf: abbrev empty
++FILE=bins/elf/dwarf_fuzzed_abbrev_empty
++CMDS=<<EOF
++aaa
++EOF
++EXPECT=
++RUN
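Review bot: The backported patch keeps upstream's `test/db/formats/elf/crash` hunk, which references `bins/elf/dwarf_fuzzed_abbrev_empty`, yet the ebuild pins `BINS_COMMIT` to the testbins revision the 0.3.1 release CI used, which presumably predates this December 2021 fix, so the new rz_test entry would fail on a missing binary if tests were ever un-RESTRICTed. Consider dropping the test/db hunk from the Gentoo copy of the patch, or noting in its header that it requires a newer rizin-testbins commit. The C part of the backport is self-consistent: guarding on `abbrev->count` in parse_die stops `abbrev->count - 1` from wrapping when count is 0, which is what let the loop write past a zero-length `attr_values` buffer, and init_die no longer hands `calloc` a zero count. Both touched functions start outside the hunk, so the relation between `die->capacity` and `abbrev->count` cannot be confirmed from here.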

diff --git a/dev-util/rizin/rizin-0.3.1-r2.ebuild b/dev-util/rizin/rizin-0.3.1-r2.ebuild
new file mode 100644
index 000000000000..5148796711c6
--- /dev/null
+++ b/dev-util/rizin/rizin-0.3.1-r2.ebuild
@@ -0,0 +1,103 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=(python3_{8,9,10})
+
+# This is the commit that the CI for the release commit used
+BINS_COMMIT="74b6e4511112b1a6abc571091efc32ec2a7d98a6"
+
+inherit meson python-any-r1
+
+DESCRIPTION="reverse engineering framework for binary analysis"
+HOMEPAGE="https://rizin.re/"
+
+SRC_URI="https://github.com/rizinorg/rizin/releases/download/v${PV}/rizin-src-v${PV}.tar.xz"
+	#test? ( https://github.com/rizinorg/rizin-testbins/archive/${BINS_COMMIT}.tar.gz -> rizin-testbins-${BINS_COMMIT}.tar.gz )"
+KEYWORDS="~amd64 ~arm64 ~x86"
+
+LICENSE="Apache-2.0 BSD LGPL-3 MIT"
+SLOT="0/${PV}"
+IUSE="test"
+
+# Need to audit licenses of the binaries used for testing
+RESTRICT="test"
+
+RDEPEND="
+	sys-apps/file
+	app-arch/lz4:0=
+	dev-libs/capstone:0=
+	dev-libs/libuv:0=
+	dev-libs/libzip:0=
+	dev-libs/openssl:0=
+	>=dev-libs/tree-sitter-0.19.0
+	dev-libs/xxhash
+	sys-libs/zlib:0=
+"
+DEPEND="${RDEPEND}"
+BDEPEND="${PYTHON_DEPS}"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-0.3.0-typedb-prefix.patch"
+	"${FILESDIR}/${P}-CVE-2021-43814.patch"
+)
+
+S="${WORKDIR}/${PN}-v${PV}"
+
+src_prepare() {
+	default
+
+	local py_to_mangle=(
+		librz/core/cmd_descs/cmd_descs_generate.py
+		subprojects/lz4-1.9.3/contrib/meson/meson/GetLz4LibraryVersion.py
+		subprojects/lz4-1.9.3/contrib/meson/meson/InstallSymlink.py
+		subprojects/lz4-1.9.3/tests/test-lz4-list.py
+		subprojects/lz4-1.9.3/tests/test-lz4-speed.py
+		subprojects/lz4-1.9.3/tests/test-lz4-versions.py
+		sys/clang-format.py
+		test/fuzz/scripts/fuzz_rz_asm.py
+		test/scripts/gdbserver.py
+	)
+
+	python_fix_shebang "${py_to_mangle[@]}"
+
+	if use test; then
+		cp -r "${WORKDIR}/rizin-testbins-${BINS_COMMIT}" "${S}/test/bins" || die
+		cp -r "${WORKDIR}/rizin-testbins-${BINS_COMMIT}" "${S}" || die
+	fi
+}
+
+src_configure() {
+	local emesonargs=(
+		-Dcli=enabled
+		-Duse_sys_capstone=enabled
+		-Duse_sys_magic=enabled
+		-Duse_sys_libzip=enabled
+		-Duse_sys_zlib=enabled
+		-Duse_sys_lz4=enabled
+		-Duse_sys_xxhash=enabled
+		-Duse_sys_openssl=enabled
+		-Duse_sys_tree_sitter=enabled
+
+		$(meson_use test enable_tests)
+		$(meson_use test enable_rz_test)
+	)
+	meson_src_configure
+}
+
+src_test() {
+	# Rizin uses data files that it expects to be installed on the
+	# system. To hack around this, we create a tree of what it expects
+	# in ${T}, and patch the tests to support a prefix from the
+	# environment. https://github.com/rizinorg/rizin/issues/1789
+	mkdir -p "${T}/usr/share/${PN}/${PV}" || die
+	ln -sf "${BUILD_DIR}/librz/analysis/d" "${T}/usr/share/${PN}/${PV}/types" || die
+	ln -sf "${BUILD_DIR}/librz/syscall/d" "${T}/usr/share/${PN}/${PV}/syscall" || die
+	ln -sf "${BUILD_DIR}/librz/asm/d" "${T}/usr/share/${PN}/${PV}/opcodes" || die
+	# https://github.com/rizinorg/rizin/issues/1797
+	ln -sf "${BUILD_DIR}/librz/flag/d" "${T}/usr/share/${PN}/${PV}/flag" || die
+	export RZ_PREFIX="${T}/usr"
+
+	meson_src_test
+}
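Review bot: The `use test` branch in src_prepare cannot succeed, because the only SRC_URI entry that would fetch `rizin-testbins-${BINS_COMMIT}` is commented out, while `RESTRICT="test"` only skips src_test and does not stop a user from setting `USE=test`; with the flag on, `cp -r "${WORKDIR}/rizin-testbins-${BINS_COMMIT}"` hits `die`, and otherwise `-Denable_tests`/`-Denable_rz_test` would be passed to meson for a tree without the binaries. Either restore the `test? ( ... )` SRC_URI line or drop the `use test` block together with the two `$(meson_use test ...)` lines until the testbins licensing audit mentioned above RESTRICT is done. The second copy, `cp -r "${WORKDIR}/rizin-testbins-${BINS_COMMIT}" "${S}" || die`, duplicates the whole testbins tree into `${S}` in addition to `${S}/test/bins`; if both locations are really needed, a one-line comment saying which test harness expects which path would save the next maintainer from removing one.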

