kde-apps/k3b: Fix K3b::Device::from2Byte out-of-bounds issue

See also: https://bugs.kde.org/show_bug.cgi?id=382941

Gentoo-bug: 616880

Package-Manager: Portage-2.3.6, Repoman-2.3.1

2 files changed, 195 insertions, 0 deletions

diff --git a/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch b/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch
new file mode 100644
index 000000000000..83034e748139
--- /dev/null
+++ b/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch
@@ -0,0 +1,75 @@
+From 7f0be6a33b8260f7789c6aeed58be8d1c844229a Mon Sep 17 00:00:00 2001
+From: Leslie Zhai <lesliezhai@llvm.org.cn>
+Date: Tue, 1 Aug 2017 14:13:05 +0800
+Subject: Fix K3b::Device::from2Byte out-of-bounds issue.
+
+A great bug report by Mark!
+
+BUG: 382941
+---
+ libk3bdevice/k3bdeviceglobals.cpp | 24 ++++++++++++------------
+ tests/k3bdeviceglobalstest.cpp    |  4 +++-
+ 2 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/libk3bdevice/k3bdeviceglobals.cpp b/libk3bdevice/k3bdeviceglobals.cpp
+index 090ed29..c016f59 100644
+--- a/libk3bdevice/k3bdeviceglobals.cpp
++++ b/libk3bdevice/k3bdeviceglobals.cpp
+@@ -212,27 +212,27 @@ void K3b::Device::debugBitfield( unsigned char* data, long len )
+ }
+ 
+ 
+-quint16 K3b::Device::from2Byte( const unsigned char* d )
++quint16 K3b::Device::from2Byte(const unsigned char* d)
+ {
+-    if (d == NULL) {
+-        qWarning() << "Invalid nullptr!";
++    if (d == NULL || strlen((const char *) d) < 2) {
++        qWarning() << "Invalid Byte!";
+         return 0;
+     }
+-    return ( (d[0] << 8 & 0xFF00) |
+-             (d[1]      & 0xFF) );
++    return ((d[0] << 8 & 0xFF00) |
++            (d[1]      & 0xFF));
+ }
+ 
+ 
+-quint32 K3b::Device::from4Byte( const unsigned char* d )
++quint32 K3b::Device::from4Byte(const unsigned char* d)
+ {
+-    if (d == NULL) {
+-        qWarning() << "Invalid nullptr!";
++    if (d == NULL || strlen((const char *) d) < 4) {
++        qWarning() << "Invalid Byte!";
+         return 0;
+     }
+-    return ( (d[0] << 24 & 0xFF000000) |
+-             (d[1] << 16 & 0xFF0000)   |
+-             (d[2] << 8  & 0xFF00)     |
+-             (d[3]       & 0xFF) );
++    return ((d[0] << 24 & 0xFF000000) |
++            (d[1] << 16 & 0xFF0000)   |
++            (d[2] << 8  & 0xFF00)     |
++            (d[3]       & 0xFF));
+ }
+ 
+ 
+diff --git a/tests/k3bdeviceglobalstest.cpp b/tests/k3bdeviceglobalstest.cpp
+index 307b772..635ee39 100644
+--- a/tests/k3bdeviceglobalstest.cpp
++++ b/tests/k3bdeviceglobalstest.cpp
+@@ -23,8 +23,10 @@ DeviceGlobalsTest::DeviceGlobalsTest()
+ 
+ void DeviceGlobalsTest::testFrom2Byte()
+ {
+-    const unsigned char* d = NULL;
++    unsigned char* d = NULL;
+     QCOMPARE(K3b::Device::from2Byte(d), (quint16)0);
++    unsigned char buf[1] = { '\0' };
++    QCOMPARE(K3b::Device::from2Byte(buf), (quint16)0);
+ }
+ 
+ void DeviceGlobalsTest::testFrom4Byte() 
+-- 
+cgit v0.11.2
diff --git a/kde-apps/k3b/k3b-17.04.3-r2.ebuild b/kde-apps/k3b/k3b-17.04.3-r2.ebuild
new file mode 100644
index 000000000000..d6448856ec87
--- /dev/null
+++ b/kde-apps/k3b/k3b-17.04.3-r2.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_HANDBOOK="forceoptional"
+KDE_TEST="true"
+inherit kde5
+
+DESCRIPTION="Full-featured burning and ripping application based on KDE Frameworks"
+HOMEPAGE="http://www.k3b.org/"
+
+LICENSE="GPL-2 FDL-1.2"
+KEYWORDS="~amd64 ~x86"
+IUSE="dvd emovix encode ffmpeg flac libav mad mp3 musepack sndfile sox taglib vcd vorbis webkit"
+
+DEPEND="
+	$(add_frameworks_dep karchive)
+	$(add_frameworks_dep kbookmarks)
+	$(add_frameworks_dep kcmutils)
+	$(add_frameworks_dep kcompletion)
+	$(add_frameworks_dep kconfig)
+	$(add_frameworks_dep kconfigwidgets)
+	$(add_frameworks_dep kcoreaddons)
+	$(add_frameworks_dep kfilemetadata 'taglib?')
+	$(add_frameworks_dep ki18n)
+	$(add_frameworks_dep kiconthemes)
+	$(add_frameworks_dep kio)
+	$(add_frameworks_dep kjobwidgets)
+	$(add_frameworks_dep knewstuff)
+	$(add_frameworks_dep knotifications)
+	$(add_frameworks_dep knotifyconfig)
+	$(add_frameworks_dep kservice)
+	$(add_frameworks_dep kwidgetsaddons)
+	$(add_frameworks_dep kxmlgui)
+	$(add_frameworks_dep solid)
+	$(add_kdeapps_dep libkcddb)
+	$(add_qt_dep qtdbus)
+	$(add_qt_dep qtgui)
+	$(add_qt_dep qtnetwork)
+	$(add_qt_dep qtwidgets)
+	$(add_qt_dep qtxml)
+	media-libs/libsamplerate
+	dvd? ( media-libs/libdvdread )
+	ffmpeg? (
+		libav? ( media-video/libav:= )
+		!libav? ( media-video/ffmpeg:0= )
+	)
+	flac? ( >=media-libs/flac-1.2[cxx] )
+	mp3? ( media-sound/lame )
+	mad? ( media-libs/libmad )
+	musepack? ( >=media-sound/musepack-tools-444 )
+	sndfile? ( media-libs/libsndfile )
+	taglib? ( >=media-libs/taglib-1.5 )
+	vorbis? ( media-libs/libvorbis )
+	webkit? ( $(add_qt_dep qtwebkit) )
+"
+RDEPEND="${DEPEND}
+	app-cdr/cdrdao
+	dev-libs/libburn
+	media-sound/cdparanoia
+	virtual/cdrtools
+	dvd? (
+		>=app-cdr/dvd+rw-tools-7
+		encode? ( media-video/transcode[dvd] )
+	)
+	emovix? ( media-video/emovix )
+	sox? ( media-sound/sox )
+	vcd? ( media-video/vcdimager )
+"
+
+REQUIRED_USE="
+	flac? ( taglib )
+	mp3? ( encode taglib )
+	sox? ( encode taglib )
+"
+
+DOCS+=( ChangeLog {FAQ,PERMISSIONS,README}.txt )
+
+PATCHES=( "${FILESDIR}/${P}-out-of-bounds.patch" )
+
+src_configure() {
+	local mycmakeargs=(
+		-DK3B_BUILD_API_DOCS=OFF
+		-DK3B_BUILD_WAVE_DECODER_PLUGIN=ON
+		-DK3B_ENABLE_HAL_SUPPORT=OFF
+		-DK3B_ENABLE_MUSICBRAINZ=OFF
+		-DK3B_DEBUG=$(usex debug)
+		-DK3B_ENABLE_DVD_RIPPING=$(usex dvd)
+		-DK3B_BUILD_EXTERNAL_ENCODER_PLUGIN=$(usex encode)
+		-DK3B_BUILD_FFMPEG_DECODER_PLUGIN=$(usex ffmpeg)
+		-DK3B_BUILD_FLAC_DECODER_PLUGIN=$(usex flac)
+		-DK3B_BUILD_LAME_ENCODER_PLUGIN=$(usex mp3)
+		-DK3B_BUILD_MAD_DECODER_PLUGIN=$(usex mad)
+		-DK3B_BUILD_MUSE_DECODER_PLUGIN=$(usex musepack)
+		-DK3B_BUILD_SNDFILE_DECODER_PLUGIN=$(usex sndfile)
+		-DK3B_BUILD_SOX_ENCODER_PLUGIN=$(usex sox)
+		-DK3B_ENABLE_TAGLIB=$(usex taglib)
+		-DK3B_BUILD_OGGVORBIS_DECODER_PLUGIN=$(usex vorbis)
+		-DK3B_BUILD_OGGVORBIS_ENCODER_PLUGIN=$(usex vorbis)
+		$(cmake-utils_use_find_package webkit Qt5WebKitWidgets)
+	)
+
+	kde5_src_configure
+}
+
+pkg_postinst() {
+	kde5_pkg_postinst
+
+	echo
+	elog "If you get warnings on start-up, uncheck the \"Check system"
+	elog "configuration\" option in the \"Misc\" settings window."
+	echo
+
+	local group=cdrom
+	use kernel_linux || group=operator
+	elog "Make sure you have proper read/write permissions on optical device(s)."
+	elog "Usually, it is sufficient to be in the ${group} group."
+	echo
+}