diff options
| author | Corinna Vinschen <corinna@vinschen.de> | 2014-06-24 00:21:54 +0400 |
|---|---|---|
| committer | Corinna Vinschen <corinna@vinschen.de> | 2014-06-24 00:21:54 +0400 |
| commit | 4491d189ae389fcfa8ba909c5f53645a01dc6db8 (patch) | |
| tree | f2e536a460e392fe6ac6cbd2f37a065f2bba7b2d | |
| parent | 8431e478d2f74ebf0bcfd2bc4c71e3c391fc7753 (diff) | |
* libc/argz/envz_merge.c (envz_merge): Fix memory leak (Cygwin Coverity
Scan CID 60023).
* libc/ctype/iswalpha.c (iswalpha): Add bounds check to avoid
out-of-bounds read from utf8 tables (CID 59949).
* libc/locale/ldpart.c (__part_load_locale): Add 1 byte to size of lbuf.
Write NUL into the last byte to accommodate split_lines (CID 60047).
| -rw-r--r-- | newlib/ChangeLog | 9 | ||||
| -rw-r--r-- | newlib/libc/argz/envz_merge.c | 1 | ||||
| -rw-r--r-- | newlib/libc/ctype/iswalpha.c | 2 | ||||
| -rw-r--r-- | newlib/libc/locale/ldpart.c | 3 |
4 files changed, 13 insertions, 2 deletions
diff --git a/newlib/ChangeLog b/newlib/ChangeLog index 5edd14bfe..ab21c37be 100644 --- a/newlib/ChangeLog +++ b/newlib/ChangeLog @@ -1,3 +1,12 @@ +2014-06-23 Corinna Vinschen <vinschen@redhat.com> + + * libc/argz/envz_merge.c (envz_merge): Fix memory leak (Cygwin Coverity + Scan CID 60023). + * libc/ctype/iswalpha.c (iswalpha): Add bounds check to avoid + out-of-bounds read from utf8 tables (CID 59949). + * libc/locale/ldpart.c (__part_load_locale): Add 1 byte to size of lbuf. + Write NUL into the last byte to accommodate split_lines (CID 60047). + 2014-06-11 Richard Earnshaw <rearnsha@arm.com> * libc/machine/aarch64/strchrnul.S: New file. diff --git a/newlib/libc/argz/envz_merge.c b/newlib/libc/argz/envz_merge.c index 46832202e..8a26bc3c3 100644 --- a/newlib/libc/argz/envz_merge.c +++ b/newlib/libc/argz/envz_merge.c @@ -55,6 +55,7 @@ _DEFUN (envz_merge, (envz, envz_len, envz2, envz2_len, override), } retval = envz_add(envz, envz_len, name_str, val_str); + free(name_str); } } return retval; diff --git a/newlib/libc/ctype/iswalpha.c b/newlib/libc/ctype/iswalpha.c index 16d424086..71f0e4a4b 100644 --- a/newlib/libc/ctype/iswalpha.c +++ b/newlib/libc/ctype/iswalpha.c @@ -415,7 +415,7 @@ _DEFUN(iswalpha,(c), wint_t c) /* otherwise c > *ptr */ /* look for 0x0 as next element which indicates a range */ ++ptr; - if (*ptr == 0x0) + if (ptr < table + size - 1 && *ptr == 0x0) { /* we have a range..see if c falls within range */ ++ptr; diff --git a/newlib/libc/locale/ldpart.c b/newlib/libc/locale/ldpart.c index 595532298..35ad3bd13 100644 --- a/newlib/libc/locale/ldpart.c +++ b/newlib/libc/locale/ldpart.c @@ -110,7 +110,7 @@ __part_load_locale(const char *name, goto bad_locale; if (st.st_size <= 0) goto bad_locale; - bufsize = namesize + st.st_size; + bufsize = namesize + st.st_size + 1; locale_buf = NULL; if (lbuf == NULL || lbuf == locale_buf_C) @@ -137,6 +137,7 @@ __part_load_locale(const char *name, /* * Parse the locale file into localebuf. */ + p[st.st_size] = '\0'; if (plim[-1] != '\n') goto bad_lbuf; num_lines = split_lines(p, plim); |