[protozero] 02/03: Include upstream patch to fix data_view equality operator.

Sat Jul 1 14:15:57 UTC 2017

This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch stretch
in repository protozero.

commit 7e2597a15fb4acb39ff05e1ca81b47b8f1228709
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Sat Jul 1 15:57:50 2017 +0200

    Include upstream patch to fix data_view equality operator.
    
    This fixes a rather embarrassing bug in the equality operator of the data_view class. The equality operator is actually never used in the protozero code itself, but users of protozero might use it. This is a serious bug that could lead to buffer overrun type problems.
---
 debian/changelog                                   |  5 ++
 ...001-Bugfix-in-data_view-equality-operator.patch | 63 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 69 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 207128c..6a85667 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,11 @@
 protozero (1.5.1-1+deb9u1) UNRELEASED; urgency=medium
 
   * Update branch in gbp.conf & Vcs-Git URL.
+  * Include upstream patch to fix data_view equality operator.
+    This fixes a rather embarrassing bug in the equality operator of the
+    data_view class. The equality operator is actually never used in the
+    protozero code itself, but users of protozero might use it. This is a
+    serious bug that could lead to buffer overrun type problems.
 
  -- Bas Couwenberg <sebastic at debian.org>  Sat, 01 Jul 2017 15:59:15 +0200
 
diff --git a/debian/patches/0001-Bugfix-in-data_view-equality-operator.patch b/debian/patches/0001-Bugfix-in-data_view-equality-operator.patch
new file mode 100644
index 0000000..2a46504
--- /dev/null
+++ b/debian/patches/0001-Bugfix-in-data_view-equality-operator.patch
@@ -0,0 +1,63 @@
+Description: Bugfix in data_view equality operator.
+ This fixes a rather embarrassing bug in the equality operator of the
+ data_view class. The equality operator is actually never used in the
+ protozero code itself, but users of protozero might use it. This is a
+ serious bug that could lead to buffer overrun type problems.
+Author: Jochen Topf <jochen at topf.org>
+Origin: https://github.com/mapbox/protozero/commit/3d998ed0864f0db1d876d72a2658e5bdff9a0474
+
+--- a/include/protozero/types.hpp
++++ b/include/protozero/types.hpp
+@@ -16,6 +16,7 @@ documentation.
+  * @brief Contains the declaration of low-level types used in the pbf format.
+  */
+ 
++#include <algorithm>
+ #include <cstddef>
+ #include <cstdint>
+ #include <cstring>
+@@ -178,7 +179,7 @@ inline void swap(data_view& lhs, data_vi
+  * @param rhs Second object.
+  */
+ inline bool operator==(const data_view& lhs, const data_view& rhs) noexcept {
+-    return lhs.size() == rhs.size() && !std::strcmp(lhs.data(), rhs.data());
++    return lhs.size() == rhs.size() && std::equal(lhs.data(), lhs.data() + lhs.size(), rhs.data());
+ }
+ 
+ /**
+--- a/test/t/data_view/test_cases.cpp
++++ b/test/t/data_view/test_cases.cpp
+@@ -64,20 +64,32 @@ TEST_CASE("comparing data_views") {
+     protozero::data_view v2{"bar"};
+     protozero::data_view v3{"foox"};
+     protozero::data_view v4{"foo"};
++    protozero::data_view v5{"fooooooo", 3};
++    protozero::data_view v6{"f\0o", 3};
++    protozero::data_view v7{"f\0obar", 3};
+ 
+     REQUIRE_FALSE(v1 == v2);
+     REQUIRE_FALSE(v1 == v3);
+     REQUIRE(v1 == v4);
++    REQUIRE(v1 == v5);
++    REQUIRE_FALSE(v1 == v6);
++    REQUIRE_FALSE(v1 == v7);
+     REQUIRE_FALSE(v2 == v3);
+     REQUIRE_FALSE(v2 == v4);
+     REQUIRE_FALSE(v3 == v4);
++    REQUIRE(v4 == v5);
++    REQUIRE(v6 == v7);
+ 
+     REQUIRE(v1 != v2);
+     REQUIRE(v1 != v3);
+     REQUIRE_FALSE(v1 != v4);
++    REQUIRE_FALSE(v1 != v5);
++    REQUIRE(v1 != v6);
++    REQUIRE(v1 != v7);
+     REQUIRE(v2 != v3);
+     REQUIRE(v2 != v4);
+     REQUIRE(v3 != v4);
++    REQUIRE_FALSE(v4 != v5);
++    REQUIRE_FALSE(v6 != v7);
+ }
+ 
+-
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..f90d4ef
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Bugfix-in-data_view-equality-operator.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/protozero.git

