New upstream version 1.2.1~dfsg0
IOhannes m zmölnig (Debian/GNU)
2 years ago
| 81 | 81 | 135 |
| 82 | 82 | 136 |
| 83 | 83 | 137 |
| 84 | 138) | |
| 84 | 138 | |
| 85 | 156 | |
| 86 | 163) | |
| 85 | 87 | # issues with osx 96) |
| 86 | 88 | add_test(fail-issue-${ISSUE} ${PROJECT_SOURCE_DIR}/tests/notcrashed.sh |
| 87 | 89 | ${PROJECT_SOURCE_DIR}/tests/fail-issue-${ISSUE}) |
| 55 | 55 | |
| 56 | 56 | > export ASAN_OPTIONS=symbolize=1 |
| 57 | 57 | |
| 58 | > cmake -DCMAKE_BUILD_TYPE=Debug -DADDRESS_SANITIZE=ON .. | |
| 58 | > cmake -DCMAKE_BUILD_TYPE=Debug -DADDRESS_SANITIZE=ON -DVDEBUG=1 .. | |
| 59 | 59 | |
| 60 | 60 | > make all test |
| 61 | 61 |
| 0 | # Security Policies and Procedures | |
| 1 | ||
| 2 | This document outlines security procedures and general policies for the `libmysofa` project. | |
| 3 | ||
| 4 | * [Reporting a Bug](#reporting-a-bug) | |
| 5 | * [Disclosure Policy](#disclosure-policy) | |
| 6 | * [Comments on this Policy](#comments-on-this-policy) | |
| 7 | ||
| 8 | ## Reporting a Bug | |
| 9 | ||
| 10 | The `libmysofa` team and community take all security bugs in `libmysofa` seriously. Thank you for improving the security of `libmysofa`. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. | |
| 11 | ||
| 12 | Report security bugs by emailing the lead maintainer at christian.hoene@symonics.com. | |
| 13 | ||
| 14 | The lead maintainer will acknowledge your email within 4 days and will send a more detailed response within 4 days indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. | |
| 15 | ||
| 16 | Report security bugs in third-party modules to the person or team maintaining the module. | |
| 17 | ||
| 18 | ## Disclosure Policy | |
| 19 | ||
| 20 | When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps: | |
| 21 | ||
| 22 | * Confirm the problem and determine whether it affects the main branch. | |
| 23 | * Audit code to find any potential similar problems. | |
| 24 | * Prepare a fix for the main branch. This fix will be released as fast as possible to github. | |
| 25 | ||
| 26 | ## Comments on this Policy | |
| 27 | ||
| 28 | If you have suggestions on how this process could be improved please submit a pull request. |
| 128 | 128 | install( |
| 129 | 129 | TARGETS mysofa-shared |
| 130 | 130 | RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} |
| 131 | ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} | |
| 131 | 132 | LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) |
| 132 | 133 | else() |
| 133 | 134 | generate_export_header(mysofa-static BASE_NAME mysofa EXPORT_FILE_NAME |
| 66 | 66 | if (i < 4) { |
| 67 | 67 | ds->dimension_size[i] = |
| 68 | 68 | readValue(reader, reader->superblock.size_of_lengths); |
| 69 | if (ds->dimension_size[i] < 0 || ds->dimension_size[i] > 1000000) { | |
| 69 | if (ds->dimension_size[i] > 1000000) { | |
| 70 | 70 | mylog("dimension_size is too large\n"); // LCOV_EXCL_LINE |
| 71 | 71 | return MYSOFA_INVALID_FORMAT; // LCOV_EXCL_LINE |
| 72 | 72 | } |
| 499 | 499 | store = ftell(reader->fhd); |
| 500 | 500 | if (fseek(reader->fhd, data_address, SEEK_SET) < 0) |
| 501 | 501 | return errno; // LCOV_EXCL_LINE |
| 502 | if (!data->data) { | |
| 503 | if (data_size > 0x10000000) | |
| 504 | return MYSOFA_INVALID_FORMAT; | |
| 505 | data->data_len = data_size; | |
| 506 | data->data = calloc(1, data_size); | |
| 507 | if (!data->data) | |
| 508 | return MYSOFA_NO_MEMORY; // LCOV_EXCL_LINE | |
| 502 | if (data->data) { | |
| 503 | free(data->data); | |
| 504 | data->data = NULL; | |
| 509 | 505 | } |
| 506 | if (data_size > 0x10000000) | |
| 507 | return MYSOFA_INVALID_FORMAT; | |
| 508 | data->data_len = data_size; | |
| 509 | data->data = calloc(1, data_size); | |
| 510 | if (!data->data) | |
| 511 | return MYSOFA_NO_MEMORY; // LCOV_EXCL_LINE | |
| 512 | ||
| 510 | 513 | err = fread(data->data, 1, data_size, reader->fhd); |
| 511 | 514 | if (err != data_size) |
| 512 | 515 | return MYSOFA_READ_ERROR; // LCOV_EXCL_LINE |
| 880 | 883 | |
| 881 | 884 | offset = readValue(reader, reader->superblock.size_of_offsets); |
| 882 | 885 | length = readValue(reader, reader->superblock.size_of_lengths); |
| 883 | if (offset > 0x1000000 || length > 0x10000000) | |
| 886 | if (offset > 0x2000000 || length > 0x10000000) | |
| 884 | 887 | return MYSOFA_UNSUPPORTED_FORMAT; // LCOV_EXCL_LINE |
| 885 | 888 | |
| 886 | 889 | mylog(" continue %08" PRIX64 " %08" PRIX64 "\n", offset, length); |
| 608 | 608 | |
| 609 | 609 | if (fread(fractalheap->filter_information, 1, fractalheap->encoded_length, |
| 610 | 610 | reader->fhd) != fractalheap->encoded_length) { |
| 611 | free(fractalheap->filter_information); | |
| 612 | 611 | return MYSOFA_READ_ERROR; |
| 613 | 612 | } |
| 614 | 613 | } |
Binary diff not shown
Binary diff not shown