authorSam James <sam@gentoo.org>2023-04-12 08:33:00 +0100
committerSam James <sam@gentoo.org>2023-04-12 08:35:04 +0100
commit0d7891fb673467a8f74f7aec5a5bc166b078e2ae (patch)
tree593e330f73e4a9b9c92ba051a808246a2543a304 /sys-apps/busybox/files
parentsys-devel/gcc: fix SLP returns_twice issue for 13 (diff)
sys-apps/busybox: backport FORTIFY_SOURCE=3 (build) fix; ed UB fix
Closes: https://bugs.gentoo.org/893776 Thanks-to: Arsen Arsenović <arsen@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sys-apps/busybox/files')
-rw-r--r--sys-apps/busybox/files/busybox-1.36.0-ed-memcpy-overlapping.patch38
-rw-r--r--sys-apps/busybox/files/busybox-1.36.0-fortify-source-3-fixdep.patch32
2 files changed, 70 insertions, 0 deletions
diff --git a/sys-apps/busybox/files/busybox-1.36.0-ed-memcpy-overlapping.patch b/sys-apps/busybox/files/busybox-1.36.0-ed-memcpy-overlapping.patch
new file mode 100644
index 000000000000..e474391ccd4d
--- /dev/null
+++ b/sys-apps/busybox/files/busybox-1.36.0-ed-memcpy-overlapping.patch
@@ -0,0 +1,38 @@
+https://git.busybox.net/busybox/commit/?id=ca96022d6edaaf619324db5a481698231d74d1df
+
+From ca96022d6edaaf619324db5a481698231d74d1df Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Tue, 8 Feb 2022 20:29:30 +0100
+Subject: ed: don't use memcpy with overlapping memory regions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The memcpy invocations in the subCommand function, modified by this
+commit, previously used memcpy with overlapping memory regions. This is
+undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since
+we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers
+implementation catches this source of undefined behavior [0]. The issue
+can only be triggered if the replacement string is the same size or
+shorter than the old string.
+
+Looking at the code, it seems to me that a memmove(3) is what was
+actually intended here, this commit modifies the code accordingly.
+
+[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504
+
+Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+--- a/editors/ed.c
++++ b/editors/ed.c
+@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2)
+ if (deltaLen <= 0) {
+ memcpy(&lp->data[offset], newStr, newLen);
+ if (deltaLen) {
+- memcpy(&lp->data[offset + newLen],
++ memmove(&lp->data[offset + newLen],
+ &lp->data[offset + oldLen],
+ lp->len - offset - oldLen);
+
+--
+cgit v1.2.3
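Review bot: The switch to `memmove` in subCommand has no in-code explanation, so the reason the call must tolerate overlap is recorded only in the patch header. Destination `&lp->data[offset + newLen]` and source `&lp->data[offset + oldLen]` index the same buffer, and a short comment above the call, such as `/* src and dst lie in the same line buffer and overlap: memmove, not memcpy */`, would keep a later cleanup from reverting it. The length `lp->len - offset - oldLen` is built from values set outside the hunk, so its bounds cannot be confirmed from here. subCommand's body starts and ends outside the hunk.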
diff --git a/sys-apps/busybox/files/busybox-1.36.0-fortify-source-3-fixdep.patch b/sys-apps/busybox/files/busybox-1.36.0-fortify-source-3-fixdep.patch
new file mode 100644
index 000000000000..659c81180fb5
--- /dev/null
+++ b/sys-apps/busybox/files/busybox-1.36.0-fortify-source-3-fixdep.patch
@@ -0,0 +1,32 @@
+https://bugs.gentoo.org/893776
+https://bugs.busybox.net/show_bug.cgi?id=15326
+http://lists.busybox.net/pipermail/busybox/2023-February/090173.html
+
+From 2d4a3d9e6c1493a9520b907e07a41aca90cdfd94 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <arsen@gentoo.org>
+Date: Tue, 21 Feb 2023 20:20:31 +0100
+Subject: fixdep: avoid underflow when end of entry doesn't coincide with EOF
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Bug: https://bugs.gentoo.org/893776
+Closes: https://bugs.busybox.net/show_bug.cgi?id=15326
+Signed-off-by: Arsen Arsenović <arsen@gentoo.org>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+--- a/scripts/basic/fixdep.c
++++ b/scripts/basic/fixdep.c
+@@ -338,6 +338,11 @@ void parse_dep_file(void *map, size_t len)
+ do p--; while (!isalnum((unsigned char)*p));
+ p++;
+ }
++ if (p < m) {
++ /* we've consumed the last filename of this list
++ already. */
++ break;
++ }
+ memcpy(s, m, p-m); s[p-m] = 0;
+ if (strrcmp(s, "include/autoconf.h") &&
+ strrcmp(s, "arch/um/include/uml-config.h") &&
+--
+cgit v1.2.3
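Review bot: The added `p < m` guard in parse_dep_file stops a negative `p-m` from reaching the copy, but `memcpy(s, m, p-m); s[p-m] = 0;` on the next line still has no upper bound on the length. The declaration of `s` is outside the hunk; if it is a fixed-size array, a check such as `if ((size_t)(p - m) >= sizeof(s)) break;` before the copy would close the other overflow direction. The guard also runs only after the backward scan `do p--; while (!isalnum((unsigned char)*p));`, which has no lower limit visible here, so the scan can already have read below `m` by the time the check fires. Stopping that scan at `m` would be tighter. The function starts and ends outside the hunk.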