[med-svn] r20764 - in trunk/packages/tigr-glimmer/trunk/debian: . patches
Andreas Tille
tille at moszumanska.debian.org
Tue Dec 15 09:21:38 UTC 2015
Author: tille
Date: 2015-12-15 09:21:37 +0000 (Tue, 15 Dec 2015)
New Revision: 20764
Added:
trunk/packages/tigr-glimmer/trunk/debian/patches/mayhem.patch
Modified:
trunk/packages/tigr-glimmer/trunk/debian/changelog
trunk/packages/tigr-glimmer/trunk/debian/patches/series
Log:
Fix crashes reported by Mayhem
Modified: trunk/packages/tigr-glimmer/trunk/debian/changelog
===================================================================
--- trunk/packages/tigr-glimmer/trunk/debian/changelog 2015-12-14 18:23:01 UTC (rev 20763)
+++ trunk/packages/tigr-glimmer/trunk/debian/changelog 2015-12-15 09:21:37 UTC (rev 20764)
@@ -1,9 +1,11 @@
-tigr-glimmer (3.02-4) UNRELEASED; urgency=medium
+tigr-glimmer (3.02-4) unstable; urgency=medium
* moved debian/upstream to debian/upstream/metadata
* cme fix dpkg-control
+ * Fix crashes reported by Mayhem
+ Closes: #715701, #715702
- -- Andreas Tille <tille at debian.org> Mon, 14 Dec 2015 16:44:19 +0100
+ -- Andreas Tille <tille at debian.org> Tue, 15 Dec 2015 10:17:14 +0100
tigr-glimmer (3.02-3) unstable; urgency=low
Added: trunk/packages/tigr-glimmer/trunk/debian/patches/mayhem.patch
===================================================================
--- trunk/packages/tigr-glimmer/trunk/debian/patches/mayhem.patch (rev 0)
+++ trunk/packages/tigr-glimmer/trunk/debian/patches/mayhem.patch 2015-12-15 09:21:37 UTC (rev 20764)
@@ -0,0 +1,140 @@
+Author: Andreas Tille <tille at debian.org>
+Last-Update: Mon, 14 Dec 2015 16:44:19 +0100
+Bug-Debian: http://bugs.debian.org/715701,
+ http://bugs.debian.org/715702
+Description: Fix crashes reported by Mayhem
+ See http://www.drpaulcarter.com/cs/common-c-errors.php#4.1
+ to make fgetc() more safe. However, the original problem is
+ that for empty strings no space at all is allocated. This is
+ now done in advance.
+
+--- a/src/ICM/build-fixed.cc
++++ b/src/ICM/build-fixed.cc
+@@ -234,20 +234,24 @@ static int Read_String
+ {
+ int ch, ct;
+
+- while ((ch = fgetc (fp)) != EOF && ch != '>')
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
+ ;
+
+ if (ch == EOF)
+ return FALSE;
+
+ ct = 0;
+- while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
+ ;
+ if (ch == EOF)
+ return FALSE;
+- if (ch != '\n' && ! isspace (ch))
++ if (ch != ((int) '\n') && ! isspace (ch))
+ ungetc (ch, fp);
+- while ((ch = fgetc (fp)) != EOF && ch != '\n')
++ if (tag_size == 0 ) {
++ tag_size += INCR_SIZE;
++ tag = (char *) Safe_realloc (tag, tag_size);
++ }
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
+ {
+ if (ct >= tag_size - 1)
+ {
+@@ -259,7 +263,11 @@ static int Read_String
+ tag [ct ++] = '\0';
+
+ ct = 0;
+- while ((ch = fgetc (fp)) != EOF && ch != '>')
++ if (s_size == 0) {
++ s_size += INCR_SIZE;
++ s = (char *) Safe_realloc (s, s_size);
++ }
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
+ {
+ if (isspace (ch))
+ continue;
+--- a/src/ICM/build-icm.cc
++++ b/src/ICM/build-icm.cc
+@@ -271,20 +271,24 @@ static int Read_String
+ {
+ int ch, ct;
+
+- while ((ch = fgetc (fp)) != EOF && ch != '>')
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
+ ;
+
+ if (ch == EOF)
+ return FALSE;
+
+ ct = 0;
+- while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
+ ;
+ if (ch == EOF)
+ return FALSE;
+ if (ch != '\n' && ! isspace (ch))
+ ungetc (ch, fp);
+- while ((ch = fgetc (fp)) != EOF && ch != '\n')
++ if (tag_size == 0) {
++ tag_size += INCR_SIZE;
++ tag = (char *) Safe_realloc (tag, tag_size);
++ }
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
+ {
+ if (ct >= tag_size - 1)
+ {
+@@ -296,7 +300,11 @@ static int Read_String
+ tag [ct ++] = '\0';
+
+ ct = 0;
+- while ((ch = fgetc (fp)) != EOF && ch != '>')
++ if (s_size == 0) {
++ s_size += INCR_SIZE;
++ s = (char *) Safe_realloc (s, s_size);
++ }
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
+ {
+ if (isspace (ch))
+ continue;
+--- a/src/ICM/score-fixed.cc
++++ b/src/ICM/score-fixed.cc
+@@ -163,20 +163,24 @@ int Read_String
+ {
+ int ch, ct;
+
+- while ((ch = fgetc (fp)) != EOF && ch != '>')
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
+ ;
+
+ if (ch == EOF)
+ return FALSE;
+
+ ct = 0;
+- while ((ch = fgetc (fp)) != EOF && ch != '\n' && isspace (ch))
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n') && isspace (ch))
+ ;
+ if (ch == EOF)
+ return FALSE;
+ if (ch != '\n' && ! isspace (ch))
+ ungetc (ch, fp);
+- while ((ch = fgetc (fp)) != EOF && ch != '\n')
++ if (tag_size == 0 ) {
++ tag_size += INCR_SIZE;
++ tag = (char *) Safe_realloc (tag, tag_size);
++ }
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '\n'))
+ {
+ if (ct >= tag_size - 1)
+ {
+@@ -188,7 +192,11 @@ int Read_String
+ tag [ct ++] = '\0';
+
+ ct = 0;
+- while ((ch = fgetc (fp)) != EOF && ch != '>')
++ if (s_size == 0) {
++ s_size += INCR_SIZE;
++ s = (char *) Safe_realloc (s, s_size);
++ }
++ while ((ch = fgetc (fp)) != EOF && ch != ((int) '>'))
+ {
+ if (isspace (ch))
+ continue;
Modified: trunk/packages/tigr-glimmer/trunk/debian/patches/series
===================================================================
--- trunk/packages/tigr-glimmer/trunk/debian/patches/series 2015-12-14 18:23:01 UTC (rev 20763)
+++ trunk/packages/tigr-glimmer/trunk/debian/patches/series 2015-12-15 09:21:37 UTC (rev 20764)
@@ -1,3 +1,4 @@
10_gcc4.3.patch
10_gcc4.4.patch
+mayhem.patch
More information about the debian-med-commit
mailing list