[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [libextractor] 05/27: defensive programming: avoid malloc(0
From: |
gnunet |
Subject: |
[GNUnet-SVN] [libextractor] 05/27: defensive programming: avoid malloc(0) in deb extractor |
Date: |
Sun, 15 Oct 2017 21:34:29 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository libextractor.
commit f71355829ab07f9632e3c1195f8bffa50e40826e
Author: Christian Grothoff <address@hidden>
AuthorDate: Sun Oct 15 19:49:27 2017 +0200
defensive programming: avoid malloc(0) in deb extractor
---
ChangeLog | 3 ++-
src/plugins/deb_extractor.c | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index f6dd28e1..c2a27af6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,8 @@
Sun Oct 15 19:36:41 CEST 2017
Fix potential file descriptor leak (on error handling path).
Fix potential assign-after-free (on IPC error handling path).
- Make sure to only pass "unsigned char" to functions like isspace(). -CG
+ Make sure to only pass "unsigned char" to functions like isspace().
+ Avoid malloc(0) in DEB extractor under certain conditions. -CG
Fri Oct 13 12:30:37 CEST 2017
Properly check read error in NSF plugin (from signedness confusion)
found by Leon Zhao. -CG
diff --git a/src/plugins/deb_extractor.c b/src/plugins/deb_extractor.c
index 47167322..afbe8bb5 100644
--- a/src/plugins/deb_extractor.c
+++ b/src/plugins/deb_extractor.c
@@ -363,6 +363,8 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec,
if (size > MAX_CONTROL_SIZE)
return 0;
+ if (0 == size)
+ return 0;
if (NULL == (cdata = malloc (size)))
return 0;
off = 0;
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [libextractor] branch master updated (d0a7ceb6 -> e340cef5), gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 01/27: indentation fixes, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 04/27: indentation fixes, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 02/27: fix potential assign-after-free, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 08/27: fix potential buffer underflow read in deb_extractor, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 05/27: defensive programming: avoid malloc(0) in deb extractor,
gnunet <=
- [GNUnet-SVN] [libextractor] 03/27: avoid passing of char to isspace()-family of functions, always pass unsigned chars, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 09/27: fix very hypothetical lack of 0-termination in ole2-extractor iff translation string was more than 10x as long as the English version, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 16/27: handle allocation failure in gstreamer plugin, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 11/27: be more conservative about result from ctime_r, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 14/27: add missing continue if max meta data was reached to avoid use after free, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 15/27: fix indentation, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 06/27: fix duration initialization in ffmpeg extractor (badly positioned #if), gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 13/27: seems some specs of c_time allow up to 71 bytes, so increase buffer size just to be safe, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 19/27: need isspace, not isblank for rpm extractor, gnunet, 2017/10/15
- [GNUnet-SVN] [libextractor] 17/27: handle allocation failure in PDF fdopen call, gnunet, 2017/10/15