Author: Andreas Tille <tille@debian.org>
Last-Update: Mon, 14 Dec 2015 16:44:19 +0100
Bug-Debian: http://bugs.debian.org/715701,
http://bugs.debian.org/715702
Description: Fix crashes reported by Mayhem
See http://www.drpaulcarter.com/cs/common-c-errors.php#4.1
for making the use of fgetc() safer. However, the original problem is
that for empty strings no space at all is allocated; this is
now done in advance.
--- a/src/ICM/build-fixed.cc
+++ b/src/ICM/build-fixed.cc
@@ -234,20 +234,24 @@ static int Read_String
{
int ch, ct;
- while ((ch = fgetc (fp)) != EOF && ch != '>')
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
;
if (ch == EOF)
return FALSE;
ct = 0;
- while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
;
if (ch == EOF)
return FALSE;
- if (ch != '\n' && ! isspace (ch))
+ if (ch != ((int) '\n') && ! isspace (ch))
ungetc (ch, fp);
- while ((ch = fgetc (fp)) != EOF && ch != '\n')
+ if (tag_size == 0 ) {
+ tag_size += INCR_SIZE;
+ tag = (char *) Safe_realloc (tag, tag_size);
+ }
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
{
if (ct >= tag_size - 1)
{
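Review bot: The new `if (tag_size == 0)` block hands `tag` to Safe_realloc unconditionally, so it is only correct if every caller that starts with `tag_size == 0` also starts with `tag == NULL` (or a live heap pointer); Read_String's signature and the growth branch under `if (ct >= tag_size - 1)` are outside this hunk, so that contract cannot be confirmed here and deserves a comment above the block such as `// tag must be NULL or heap-allocated whenever tag_size == 0; pre-allocating guarantees tag[0] exists for the terminator even when the tag line is empty`. The `((int) '>')` and `((int) '\n')` casts are no-ops — `ch` is already an int and a char literal promotes to int in the comparison — so the crash fix is the pre-allocation alone and the casts only add noise. If they are kept anyway, the `if (ch != '\n' && ! isspace (ch))` line is cast in this file but left uncast in the build-icm.cc and score-fixed.cc copies, and `tag_size == 0 )` carries a stray space here and in score-fixed.cc but not in build-icm.cc. The same block, with the same remarks, appears in the first hunk of build-icm.cc and of score-fixed.cc.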
@@ -259,7 +263,11 @@ static int Read_String
tag [ct ++] = '\0';
ct = 0;
- while ((ch = fgetc (fp)) != EOF && ch != '>')
+ if (s_size == 0) {
+ s_size += INCR_SIZE;
+ s = (char *) Safe_realloc (s, s_size);
+ }
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
{
if (isspace (ch))
continue;
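Review bot: The `if (s_size == 0)` block is a verbatim copy of the `tag` block a few lines earlier in this file, and the pair recurs in build-icm.cc and score-fixed.cc, so the same invariant is now spelled out six times; a small static helper would state it once and make the NULL-or-heap precondition on the buffer explicit. Assuming `s_size`/`tag_size` are `int`, as their comparison with `ct` suggests, the helper below could replace both blocks, called as `Ensure_Space (tag, tag_size);` and `Ensure_Space (s, s_size);` before the respective loops (if these files are compiled as C rather than C++, pass pointers instead of references). Read_String continues past the end of this hunk, so the `s` terminator write that this pre-allocation protects is not visible here and is inferred from the `tag [ct ++] = '\0'` path. The second hunks of build-icm.cc and score-fixed.cc are identical and are covered by this note.
```cpp
// Make sure buf can hold at least a terminating '\0' before anything is stored.
// Precondition: buf is NULL or heap-allocated whenever size == 0.
static void Ensure_Space (char * & buf, int & size)
{
  if (size == 0)
    {
      size += INCR_SIZE;
      buf = (char *) Safe_realloc (buf, size);
    }
}

// … unchanged: Read_String up to the tag terminator …
  ct = 0;
  Ensure_Space (s, s_size);
  while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
// … unchanged: remainder of the read loop …
```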
--- a/src/ICM/build-icm.cc
+++ b/src/ICM/build-icm.cc
@@ -271,20 +271,24 @@ static int Read_String
{
int ch, ct;
- while ((ch = fgetc (fp)) != EOF && ch != '>')
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
;
if (ch == EOF)
return FALSE;
ct = 0;
- while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
;
if (ch == EOF)
return FALSE;
if (ch != '\n' && ! isspace (ch))
ungetc (ch, fp);
- while ((ch = fgetc (fp)) != EOF && ch != '\n')
+ if (tag_size == 0) {
+ tag_size += INCR_SIZE;
+ tag = (char *) Safe_realloc (tag, tag_size);
+ }
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
{
if (ct >= tag_size - 1)
{
@@ -296,7 +300,11 @@ static int Read_String
tag [ct ++] = '\0';
ct = 0;
- while ((ch = fgetc (fp)) != EOF && ch != '>')
+ if (s_size == 0) {
+ s_size += INCR_SIZE;
+ s = (char *) Safe_realloc (s, s_size);
+ }
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
{
if (isspace (ch))
continue;
--- a/src/ICM/score-fixed.cc
+++ b/src/ICM/score-fixed.cc
@@ -163,20 +163,24 @@ int Read_String
{
int ch, ct;
- while ((ch = fgetc (fp)) != EOF && ch != '>')
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
;
if (ch == EOF)
return FALSE;
ct = 0;
- while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
;
if (ch == EOF)
return FALSE;
if (ch != '\n' && ! isspace (ch))
ungetc (ch, fp);
- while ((ch = fgetc (fp)) != EOF && ch != '\n')
+ if (tag_size == 0 ) {
+ tag_size += INCR_SIZE;
+ tag = (char *) Safe_realloc (tag, tag_size);
+ }
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
{
if (ct >= tag_size - 1)
{
@@ -188,7 +192,11 @@ int Read_String
tag [ct ++] = '\0';
ct = 0;
- while ((ch = fgetc (fp)) != EOF && ch != '>')
+ if (s_size == 0) {
+ s_size += INCR_SIZE;
+ s = (char *) Safe_realloc (s, s_size);
+ }
+ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
{
if (isspace (ch))
continue;