File csound-fix-CVE-2012-0270.patch of Package csound

Overview Repositories Revisions Requests Users Attributes Meta

File csound-fix-CVE-2012-0270.patch of Package csound

From 7d617a9551fb6c552ba16874b71266fcd90f3a6f Mon Sep 17 00:00:00 2001
From: John ffitch <jpff@cs.bath.ac.uk>
Date: Thu, 19 Jan 2012 21:15:30 +0000
Subject: [PATCH] fix buffer overflows

---
 util/het_import.c |    2 +-
 util/heti_main.c  |    2 +-
 util/lpci_main.c  |    4 ++++
 util/pv_import.c  |    2 +-
 4 files changed, 7 insertions(+), 3 deletions(-)

--- a/util/het_import.c
+++ b/util/het_import.c
@@ -49,7 +49,7 @@ short getnum(FILE* inf, char *term)
     char buff[100];
     int  cc;
     int p = 0;
-    while ((cc=getc(inf))!=',' && cc!='\n') {
+    while ((cc=getc(inf))!=',' && cc!='\n' && p<99) {
         if (cc == EOF) {
             *term = '\0';
             return 0;
--- a/util/heti_main.c
+++ b/util/heti_main.c
@@ -43,7 +43,7 @@ short getnum(FILE* inf, char *term)
     char buff[100];
     int  cc;
     int p = 0;
-    while ((cc=getc(inf))!=',' && cc!='\n') {
+    while ((cc=getc(inf))!=',' && cc!='\n' && p<99) {
         if (cc == EOF) {
             *term = '\0';
             return 0;
--- a/util/lpci_main.c
+++ b/util/lpci_main.c
@@ -78,6 +78,10 @@ int main(int argc, char **argv)
       putc(str[i],outf);
     putc('\n', outf);
     coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT));
+    if (coef==NULL) {
+      printf("memory allocation failure\n");
+      exit(1);
+    }
     for (i = 0; i<hdr.nvals; i++) {
       fread(&coef[0], sizeof(MYFLT), hdr.npoles, inf);
       for (j=0; j<hdr.npoles; j++)
--- a/util/pv_import.c
+++ b/util/pv_import.c
@@ -44,7 +44,7 @@ static float getnum(FILE* inf, char *ter
     char buff[100];
     int  cc;
     int p = 0;
-    while ((cc=getc(inf))!=',' && cc!='\n' && cc!=EOF) buff[p++] = cc;
+    while ((cc=getc(inf))!=',' && cc!='\n' && cc!=EOF && p<99) buff[p++] = cc;
     buff[p]='\0';
     *term = cc;
     return (float)atof(buff);

Places

File csound-fix-CVE-2012-0270.patch of Package csound

Places