Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dsbhayangkara
kchmviewer
chmlib-0.39-security-fixes.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File chmlib-0.39-security-fixes.patch of Package kchmviewer
--- ./chmlib/chm_lib.c.orig 2006-07-07 09:50:33.000000000 +0700 +++ ./chmlib/chm_lib.c 2007-02-03 17:45:15.000000000 +0700 @@ -66,13 +66,6 @@ #include <strings.h> #endif -/* RWE 6/13/2003 */ -#ifdef _WIN32_WCE -#define FREEBUF(x) free(x) -#else -#define FREEBUF(x) /* do nothing */ -#endif - #ifdef WIN32 #include <windows.h> #include <malloc.h> @@ -771,6 +764,8 @@ /* allocate handle */ newHandle = (struct chmFile *)malloc(sizeof(struct chmFile)); + if (newHandle == NULL) + return NULL; newHandle->fd = CHM_NULL_FD; newHandle->lzx_state = NULL; newHandle->cache_blocks = NULL; @@ -1037,7 +1032,9 @@ /* allocate new cached blocks */ newBlocks = (UChar **)malloc(paramVal * sizeof (UChar *)); + if (newBlocks == NULL) return; newIndices = (UInt64 *)malloc(paramVal * sizeof (UInt64)); + if (newIndices == NULL) { free(newBlocks); return; } for (i=0; i<paramVal; i++) { newBlocks[i] = NULL; @@ -1258,16 +1255,11 @@ Int32 curPage; /* buffer to hold whatever page we're looking at */ -#ifdef WIN32 -#ifdef _WIN32_WCE + /* RWE 6/12/2003 */ UChar *page_buf = malloc(h->block_len); -#else - UChar *page_buf = alloca(h->block_len); -#endif -#else - UChar page_buf[h->block_len]; -#endif +if (page_buf == NULL) +return CHM_RESOLVE_FAILURE; /* starting page */ curPage = h->index_root; @@ -1281,7 +1273,7 @@ (UInt64)h->dir_offset + (UInt64)curPage*h->block_len, h->block_len) != h->block_len) { - FREEBUF(page_buf); + free(page_buf); return CHM_RESOLVE_FAILURE; } @@ -1294,13 +1286,13 @@ objPath); if (pEntry == NULL) { - FREEBUF(page_buf); + free(page_buf); return CHM_RESOLVE_FAILURE; } /* parse entry and return */ _chm_parse_PMGL_entry(&pEntry, ui); - FREEBUF(page_buf); + free(page_buf); return CHM_RESOLVE_SUCCESS; } @@ -1311,13 +1303,13 @@ /* else, we are confused. give up. */ else { - FREEBUF(page_buf); + free(page_buf); return CHM_RESOLVE_FAILURE; } } /* didn't find anything. fail. */ - FREEBUF(page_buf); + free(page_buf); return CHM_RESOLVE_FAILURE; } @@ -1392,23 +1384,15 @@ UInt64 block, UChar **ubuffer) { -#ifdef WIN32 -#ifdef _WIN32_WCE - /* RWE 6/12/2003 */ UChar *cbuffer = malloc(((unsigned int)h->reset_table.block_len + 6144)); -#else - UChar *cbuffer = alloca(((unsigned int)h->reset_table.block_len + 6144)); -#endif -#else - UChar cbuffer[h->reset_table.block_len + 6144]; /* compressed buffer */ -#endif UInt64 cmpStart; /* compressed start */ Int64 cmpLen; /* compressed len */ int indexSlot; /* cache index slot */ UChar *lbuffer; /* local buffer ptr */ UInt32 blockAlign = (UInt32)(block % h->reset_blkcount); /* reset intvl. aln. */ UInt32 i; /* local loop index */ - + if (cbuffer == NULL) + return -1; /* let the caching system pull its weight! */ if (block - blockAlign <= h->lzx_last_block && block >= h->lzx_last_block) @@ -1434,10 +1418,14 @@ } indexSlot = (int)((curBlockIdx) % h->cache_num_blocks); - h->cache_block_indices[indexSlot] = curBlockIdx; if (! h->cache_blocks[indexSlot]) - h->cache_blocks[indexSlot] = (UChar *)malloc( - (unsigned int)(h->reset_table.block_len)); + h->cache_blocks[indexSlot] = (UChar *)malloc((unsigned int)(h->reset_table.block_len)); + if (! h->cache_blocks[indexSlot]) + { + free(cbuffer); + return -1; + } + h->cache_block_indices[indexSlot] = curBlockIdx; lbuffer = h->cache_blocks[indexSlot]; /* decompress the previous block */ @@ -1454,7 +1442,7 @@ #ifdef CHM_DEBUG fprintf(stderr, " (DECOMPRESS FAILED!)\n"); #endif - FREEBUF(cbuffer); + free(cbuffer); return (Int64)0; } @@ -1475,10 +1463,14 @@ /* allocate slot in cache */ indexSlot = (int)(block % h->cache_num_blocks); - h->cache_block_indices[indexSlot] = block; if (! h->cache_blocks[indexSlot]) - h->cache_blocks[indexSlot] = (UChar *)malloc( - ((unsigned int)h->reset_table.block_len)); + h->cache_blocks[indexSlot] = (UChar *)malloc(((unsigned int)h->reset_table.block_len)); + if (! h->cache_blocks[indexSlot]) + { + free(cbuffer); + return -1; + } + h->cache_block_indices[indexSlot] = block; lbuffer = h->cache_blocks[indexSlot]; *ubuffer = lbuffer; @@ -1494,7 +1486,7 @@ #ifdef CHM_DEBUG fprintf(stderr, " (DECOMPRESS FAILED!)\n"); #endif - FREEBUF(cbuffer); + free(cbuffer); return (Int64)0; } h->lzx_last_block = (int)block; @@ -1502,7 +1494,7 @@ /* XXX: modify LZX routines to return the length of the data they * decompressed and return that instead, for an extra sanity check. */ - FREEBUF(cbuffer); + free(cbuffer); return h->reset_table.block_len; } @@ -1627,16 +1619,9 @@ Int32 curPage; /* buffer to hold whatever page we're looking at */ -#ifdef WIN32 -#ifdef _WIN32_WCE /* RWE 6/12/2003 */ UChar *page_buf = malloc((unsigned int)h->block_len); -#else - UChar *page_buf = alloca((unsigned int)h->block_len); -#endif -#else - UChar page_buf[h->block_len]; -#endif + struct chmPmglHeader header; UChar *end; UChar *cur; @@ -1647,6 +1632,8 @@ struct chmUnitInfo ui; int type_bits = (what & 0x7); int filter_bits = (what & 0xF8); + if (page_buf == NULL) + return 0; /* starting page */ curPage = h->index_head; @@ -1661,7 +1648,7 @@ (UInt64)h->dir_offset + (UInt64)curPage*h->block_len, h->block_len) != h->block_len) { - FREEBUF(page_buf); + free(page_buf); return 0; } @@ -1670,7 +1657,7 @@ lenRemain = _CHM_PMGL_LEN; if (! _unmarshal_pmgl_header(&cur, &lenRemain, &header)) { - FREEBUF(page_buf); + free(page_buf); return 0; } end = page_buf + h->block_len - (header.free_space); @@ -1682,7 +1669,7 @@ if (! _chm_parse_PMGL_entry(&cur, &ui)) { - FREEBUF(page_buf); + free(page_buf); return 0; } @@ -1722,12 +1709,12 @@ switch (status) { case CHM_ENUMERATOR_FAILURE: - FREEBUF(page_buf); + free(page_buf); return 0; case CHM_ENUMERATOR_CONTINUE: break; case CHM_ENUMERATOR_SUCCESS: - FREEBUF(page_buf); + free(page_buf); return 1; default: break; @@ -1739,7 +1726,7 @@ curPage = header.block_next; } - FREEBUF(page_buf); + free(page_buf); return 1; } @@ -1756,16 +1743,9 @@ Int32 curPage; /* buffer to hold whatever page we're looking at */ -#ifdef WIN32 -#ifdef _WIN32_WCE + /* RWE 6/12/2003 */ UChar *page_buf = malloc((unsigned int)h->block_len); -#else - UChar *page_buf = alloca((unsigned int)h->block_len); -#endif -#else - UChar page_buf[h->block_len]; -#endif struct chmPmglHeader header; UChar *end; UChar *cur; @@ -1786,6 +1766,9 @@ char lastPath[CHM_MAX_PATHLEN+1]; int lastPathLen; +if (page_buf == NULL) +return 0; + /* starting page */ curPage = h->index_head; @@ -1815,7 +1798,7 @@ (UInt64)h->dir_offset + (UInt64)curPage*h->block_len, h->block_len) != h->block_len) { - FREEBUF(page_buf); + free(page_buf); return 0; } @@ -1824,7 +1807,7 @@ lenRemain = _CHM_PMGL_LEN; if (! _unmarshal_pmgl_header(&cur, &lenRemain, &header)) { - FREEBUF(page_buf); + free(page_buf); return 0; } end = page_buf + h->block_len - (header.free_space); @@ -1836,7 +1819,7 @@ if (! _chm_parse_PMGL_entry(&cur, &ui)) { - FREEBUF(page_buf); + free(page_buf); return 0; } @@ -1857,7 +1840,7 @@ { if (strncasecmp(ui.path, prefixRectified, prefixLen) != 0) { - FREEBUF(page_buf); + free(page_buf); return 1; } } @@ -1908,12 +1891,12 @@ switch (status) { case CHM_ENUMERATOR_FAILURE: - FREEBUF(page_buf); + free(page_buf); return 0; case CHM_ENUMERATOR_CONTINUE: break; case CHM_ENUMERATOR_SUCCESS: - FREEBUF(page_buf); + free(page_buf); return 1; default: break; @@ -1925,6 +1908,6 @@ curPage = header.block_next; } - FREEBUF(page_buf); + free(page_buf); return 1; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
