Package list tigr-glimmer / c9b6060
Fix crashes reported by Mayhem Andreas Tille 5 years ago
3 changed file(s) with 145 addition(s) and 2 deletion(s).
0 tigr-glimmer (3.02-4) UNRELEASED; urgency=medium
0 tigr-glimmer (3.02-4) unstable; urgency=medium
11
22 * moved debian/upstream to debian/upstream/metadata
33 * cme fix dpkg-control
4 * Fix crashes reported by Mayhem
5 Closes: #715701, #715702
46
5 -- Andreas Tille <tille@debian.org> Mon, 14 Dec 2015 16:44:19 +0100
7 -- Andreas Tille <tille@debian.org> Tue, 15 Dec 2015 10:17:14 +0100
68
79 tigr-glimmer (3.02-3) unstable; urgency=low
810
0 Author: Andreas Tille <tille@debian.org>
1 Last-Update: Mon, 14 Dec 2015 16:44:19 +0100
2 Bug-Debian: http://bugs.debian.org/715701,
3 http://bugs.debian.org/715702
4 Description: Fix crashes reported by Mayhem
5 See http://www.drpaulcarter.com/cs/common-c-errors.php#4.1
6 to make fgetc() more safe. However, the original problem is
7 that for empty strings no space at all is allocated. This is
8 now done in advance.
9
10 --- a/src/ICM/build-fixed.cc
11 +++ b/src/ICM/build-fixed.cc
12 @@ -234,20 +234,24 @@ static int Read_String
13 {
14 int ch, ct;
15
16 - while ((ch = fgetc (fp)) != EOF && ch != '>')
17 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
18 ;
19
20 if (ch == EOF)
21 return FALSE;
22
23 ct = 0;
24 - while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
25 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
26 ;
27 if (ch == EOF)
28 return FALSE;
29 - if (ch != '\n' && ! isspace (ch))
30 + if (ch != ((int) '\n') && ! isspace (ch))
31 ungetc (ch, fp);
32 - while ((ch = fgetc (fp)) != EOF && ch != '\n')
33 + if (tag_size == 0 ) {
34 + tag_size += INCR_SIZE;
35 + tag = (char *) Safe_realloc (tag, tag_size);
36 + }
37 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
38 {
39 if (ct >= tag_size - 1)
40 {
41 @@ -259,7 +263,11 @@ static int Read_String
42 tag [ct ++] = '\0';
43
44 ct = 0;
45 - while ((ch = fgetc (fp)) != EOF && ch != '>')
46 + if (s_size == 0) {
47 + s_size += INCR_SIZE;
48 + s = (char *) Safe_realloc (s, s_size);
49 + }
50 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
51 {
52 if (isspace (ch))
53 continue;
54 --- a/src/ICM/build-icm.cc
55 +++ b/src/ICM/build-icm.cc
56 @@ -271,20 +271,24 @@ static int Read_String
57 {
58 int ch, ct;
59
60 - while ((ch = fgetc (fp)) != EOF && ch != '>')
61 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
62 ;
63
64 if (ch == EOF)
65 return FALSE;
66
67 ct = 0;
68 - while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
69 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
70 ;
71 if (ch == EOF)
72 return FALSE;
73 if (ch != '\n' && ! isspace (ch))
74 ungetc (ch, fp);
75 - while ((ch = fgetc (fp)) != EOF && ch != '\n')
76 + if (tag_size == 0) {
77 + tag_size += INCR_SIZE;
78 + tag = (char *) Safe_realloc (tag, tag_size);
79 + }
80 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
81 {
82 if (ct >= tag_size - 1)
83 {
84 @@ -296,7 +300,11 @@ static int Read_String
85 tag [ct ++] = '\0';
86
87 ct = 0;
88 - while ((ch = fgetc (fp)) != EOF && ch != '>')
89 + if (s_size == 0) {
90 + s_size += INCR_SIZE;
91 + s = (char *) Safe_realloc (s, s_size);
92 + }
93 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
94 {
95 if (isspace (ch))
96 continue;
97 --- a/src/ICM/score-fixed.cc
98 +++ b/src/ICM/score-fixed.cc
99 @@ -163,20 +163,24 @@ int Read_String
100 {
101 int ch, ct;
102
103 - while ((ch = fgetc (fp)) != EOF && ch != '>')
104 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
105 ;
106
107 if (ch == EOF)
108 return FALSE;
109
110 ct = 0;
111 - while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
112 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
113 ;
114 if (ch == EOF)
115 return FALSE;
116 if (ch != '\n' && ! isspace (ch))
117 ungetc (ch, fp);
118 - while ((ch = fgetc (fp)) != EOF && ch != '\n')
119 + if (tag_size == 0 ) {
120 + tag_size += INCR_SIZE;
121 + tag = (char *) Safe_realloc (tag, tag_size);
122 + }
123 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
124 {
125 if (ct >= tag_size - 1)
126 {
127 @@ -188,7 +192,11 @@ int Read_String
128 tag [ct ++] = '\0';
129
130 ct = 0;
131 - while ((ch = fgetc (fp)) != EOF && ch != '>')
132 + if (s_size == 0) {
133 + s_size += INCR_SIZE;
134 + s = (char *) Safe_realloc (s, s_size);
135 + }
136 + while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
137 {
138 if (isspace (ch))
139 continue;
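Review bot: The `(int)` casts added to the character constants (for example `ch != ((int) '>')`) change nothing, because `ch` is declared `int` and the constant is promoted in the comparison anyway. They are also applied unevenly: the `if (ch != '\n' && ! isspace (ch))` line is cast in build-fixed.cc but left as it was in build-icm.cc and score-fixed.cc. The lines that address the crash are the `if (tag_size == 0)` and `if (s_size == 0)` guards, which allocate before `tag [ct ++] = '\0'` runs for an empty header line; I would drop the casts and put a comment on each guard, such as `/* empty input: the loop below never grows the buffer, so allocate room for the terminator first */`. The terminator write for `s` and the signature of Read_String lie outside the hunks, so the `s_size` guard presumably covers the same case, but that cannot be confirmed from here. Since the same function is patched in three files, a regression input with an empty header and an empty sequence, exercised against each copy, would keep them in step.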
00 10_gcc4.3.patch
11 10_gcc4.4.patch
22
3 mayhem.patch