New upstream version 1.2.1~dfsg0
IOhannes m zmölnig (Debian/GNU)
2 years ago
81 | 81 | 135 |
82 | 82 | 136 |
83 | 83 | 137 |
84 | 138) | |
84 | 138 | |
85 | 156 | |
86 | 163) | |
85 | 87 | # issues with osx 96) |
86 | 88 | add_test(fail-issue-${ISSUE} ${PROJECT_SOURCE_DIR}/tests/notcrashed.sh |
87 | 89 | ${PROJECT_SOURCE_DIR}/tests/fail-issue-${ISSUE}) |
55 | 55 | |
56 | 56 | > export ASAN_OPTIONS=symbolize=1 |
57 | 57 | |
58 | > cmake -DCMAKE_BUILD_TYPE=Debug -DADDRESS_SANITIZE=ON .. | |
58 | > cmake -DCMAKE_BUILD_TYPE=Debug -DADDRESS_SANITIZE=ON -DVDEBUG=1 .. | |
59 | 59 | |
60 | 60 | > make all test |
61 | 61 |
0 | # Security Policies and Procedures | |
1 | ||
2 | This document outlines security procedures and general policies for the `libmysofa` project. | |
3 | ||
4 | * [Reporting a Bug](#reporting-a-bug) | |
5 | * [Disclosure Policy](#disclosure-policy) | |
6 | * [Comments on this Policy](#comments-on-this-policy) | |
7 | ||
8 | ## Reporting a Bug | |
9 | ||
10 | The `libmysofa` team and community take all security bugs in `libmysofa` seriously. Thank you for improving the security of `libmysofa`. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. | |
11 | ||
12 | Report security bugs by emailing the lead maintainer at christian.hoene@symonics.com. | |
13 | ||
14 | The lead maintainer will acknowledge your email within 4 days and will send a more detailed response within 4 days indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. | |
15 | ||
16 | Report security bugs in third-party modules to the person or team maintaining the module. | |
17 | ||
18 | ## Disclosure Policy | |
19 | ||
20 | When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps: | |
21 | ||
22 | * Confirm the problem and determine whether it affects the main branch. | |
23 | * Audit code to find any potential similar problems. | |
24 | * Prepare a fix for the main branch. This fix will be released as fast as possible to github. | |
25 | ||
26 | ## Comments on this Policy | |
27 | ||
28 | If you have suggestions on how this process could be improved please submit a pull request. |
128 | 128 | install( |
129 | 129 | TARGETS mysofa-shared |
130 | 130 | RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} |
131 | ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} | |
131 | 132 | LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) |
132 | 133 | else() |
133 | 134 | generate_export_header(mysofa-static BASE_NAME mysofa EXPORT_FILE_NAME |
66 | 66 | if (i < 4) { |
67 | 67 | ds->dimension_size[i] = |
68 | 68 | readValue(reader, reader->superblock.size_of_lengths); |
69 | if (ds->dimension_size[i] < 0 || ds->dimension_size[i] > 1000000) { | |
69 | if (ds->dimension_size[i] > 1000000) { | |
70 | 70 | mylog("dimension_size is too large\n"); // LCOV_EXCL_LINE |
71 | 71 | return MYSOFA_INVALID_FORMAT; // LCOV_EXCL_LINE |
72 | 72 | } |
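Review bot: The check `if (ds->dimension_size[i] > 1000000)` caps each dimension on its own, so with up to four stored dimensions (`i < 4`) the product of the sizes can still exceed 64 bits. Whether the element count is range-checked where the dimensions are multiplied is not visible here, because the enclosing function starts and ends outside the hunk. I would add a comment at the check, for example `/* per-dimension cap only: code that multiplies the dimensions must check the product for overflow */`, and confirm that such a check exists. Dropping the `< 0` test is only safe if `dimension_size` is an unsigned type, which its declaration outside this hunk would confirm.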
499 | 499 | store = ftell(reader->fhd); |
500 | 500 | if (fseek(reader->fhd, data_address, SEEK_SET) < 0) |
501 | 501 | return errno; // LCOV_EXCL_LINE |
502 | if (!data->data) { | |
503 | if (data_size > 0x10000000) | |
504 | return MYSOFA_INVALID_FORMAT; | |
505 | data->data_len = data_size; | |
506 | data->data = calloc(1, data_size); | |
507 | if (!data->data) | |
508 | return MYSOFA_NO_MEMORY; // LCOV_EXCL_LINE | |
502 | if (data->data) { | |
503 | free(data->data); | |
504 | data->data = NULL; | |
509 | 505 | } |
506 | if (data_size > 0x10000000) | |
507 | return MYSOFA_INVALID_FORMAT; | |
508 | data->data_len = data_size; | |
509 | data->data = calloc(1, data_size); | |
510 | if (!data->data) | |
511 | return MYSOFA_NO_MEMORY; // LCOV_EXCL_LINE | |
512 | ||
510 | 513 | err = fread(data->data, 1, data_size, reader->fhd); |
511 | 514 | if (err != data_size) |
512 | 515 | return MYSOFA_READ_ERROR; // LCOV_EXCL_LINE |
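Review bot: After the new `free(data->data); data->data = NULL;`, both early returns leave `data->data_len` non-zero while `data->data` is NULL. The `MYSOFA_INVALID_FORMAT` return keeps the previous length, and the `MYSOFA_NO_MEMORY` return keeps the new `data_size`. Any later code that trusts `data_len` without testing the pointer would then read through NULL; whether such code exists is outside this hunk, as the function starts and ends beyond it. I would add `data->data_len = 0;` next to `data->data = NULL;` and move `data->data_len = data_size;` below the `if (!data->data)` check. A `data_size` of 0 also reaches `calloc(1, data_size)`, which may return NULL and be reported as `MYSOFA_NO_MEMORY`, so an explicit zero-size check before the allocation would make that case deterministic.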
880 | 883 | |
881 | 884 | offset = readValue(reader, reader->superblock.size_of_offsets); |
882 | 885 | length = readValue(reader, reader->superblock.size_of_lengths); |
883 | if (offset > 0x1000000 || length > 0x10000000) | |
886 | if (offset > 0x2000000 || length > 0x10000000) | |
884 | 887 | return MYSOFA_UNSUPPORTED_FORMAT; // LCOV_EXCL_LINE |
885 | 888 | |
886 | 889 | mylog(" continue %08" PRIX64 " %08" PRIX64 "\n", offset, length); |
608 | 608 | |
609 | 609 | if (fread(fractalheap->filter_information, 1, fractalheap->encoded_length, |
610 | 610 | reader->fhd) != fractalheap->encoded_length) { |
611 | free(fractalheap->filter_information); | |
612 | 611 | return MYSOFA_READ_ERROR; |
613 | 612 | } |
614 | 613 | } |
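Review bot: With `free(fractalheap->filter_information)` gone from the short-read branch, the buffer is still allocated and still referenced by `fractalheap->filter_information` when `MYSOFA_READ_ERROR` is returned. Its release now depends on cleanup code outside this hunk. If every caller runs that cleanup, the removal avoids a double free; if one does not, this path leaks the buffer. I would document the ownership at the return, for example `/* filter_information is released by the owner of fractalheap; freeing it here would free it twice */`, after confirming that all callers do release it on error.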
Binary diff not shown
Binary diff not shown