File CVE-2019-19005.patch of Package autotrace

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2019-19005.patch of Package autotrace

From 268aee495bf0efbd0a548c7318203123d3bfb598 Mon Sep 17 00:00:00 2001
From: Matthew Pruett <matthewtpruett@yahoo.com>
Date: Sat, 6 Feb 2021 23:25:09 -0500
Subject: [PATCH] Check for size 0 passed to malloc and calloc

Handling of size 0 is implementation-defined and may lead to vulnerabilities based on implementation (https://wiki.sei.cmu.edu/confluence/display/c/MEM04-C.+Beware+of+zero-length+allocations). This fixes CVE-2017-9182 and CVE-2017-9190.
---
 src/xstd.h | 4 ++++
 1 file changed, 4 insertions(+)

Index: autotrace-0.31.1/xstd.h
===================================================================
--- autotrace-0.31.1.orig/xstd.h
+++ autotrace-0.31.1/xstd.h
@@ -20,6 +20,7 @@
 #define XMALLOC(new_mem, size)			\
 do						\
   {						\
+    assert(size);				\
     new_mem = (at_address) malloc (size);	\
     assert(new_mem);				\
   } while (0)
@@ -28,6 +29,7 @@ do						\
 #define XCALLOC(new_mem, size)			\
 do						\
   {						\
+    assert(size);				\
     new_mem = (at_address) calloc (size, 1);	\
     assert(new_mem);				\
   } while (0)
@@ -55,6 +57,7 @@ do							\
 #define XMALLOC(new_mem, size)					\
 do								\
   {								\
+    assert(size);						\
     (at_address&)(new_mem) = (at_address) malloc (size);	\
      assert(new_mem);						\
   } while (0) 
@@ -63,6 +66,7 @@ do								\
 #define XCALLOC(new_mem, sizex)					\
 do								\
   {								\
+    assert(sizex);						\
     (at_address&)(new_mem) = (void *) calloc (sizex, 1);	\
     assert(new_mem);						\
   } while (0)

Places

File CVE-2019-19005.patch of Package autotrace

Places