NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3e186cee00
kumquat-buildroot/package/matio/0004-Fix-memory-leak.patch
Fabrice Fontaine e1af92592e package/matio: add upstream security fixes 
Fix the following CVEs:
 - CVE-2019-17533: Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits
   a certain '\0' character, leading to a heap-based buffer over-read in
   strdup_vprintf when uninitialized memory is accessed.
 - CVE-2019-20017: A stack-based buffer over-read was discovered in
   Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.
 - CVE-2019-20018: A stack-based buffer over-read was discovered in
   ReadNextCell in mat5.c in matio 1.5.17.
 - CVE-2019-20020: A stack-based buffer over-read was discovered in
   ReadNextStructField in mat5.c in matio 1.5.17.
 - CVE-2019-20052: A memory leak was discovered in Mat_VarCalloc in
   mat.c in matio 1.5.17 because SafeMulDims does not consider the
   rank==0 case.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-05-29 21:54:28 +02:00

40 lines
1.2 KiB
Diff
Raw Blame History

From a47b7cd3aca70e9a0bddf8146eb4ab0cbd19c2c3 Mon Sep 17 00:00:00 2001
From: tbeu <tbeu@users.noreply.github.com>
Date: Fri, 15 Nov 2019 23:20:41 +0100
Subject: [PATCH] Fix memory leak
As reported by https://github.com/tbeu/matio/issues/131
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Retrieved from:
https://github.com/tbeu/matio/commit/a47b7cd3aca70e9a0bddf8146eb4ab0cbd19c2c3]
---
src/mat.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/mat.c b/src/mat.c
index c9c6bd1..e62a9d2 100644
--- a/src/mat.c
+++ b/src/mat.c
@@ -220,6 +220,11 @@ int SafeMulDims(const matvar_t *matvar, size_t* nelems)
{
int i;
+ if ( matvar->rank == 0 ) {
+ *nelems = 0;
+ return 0;
+ }
+
for ( i = 0; i < matvar->rank; i++ ) {
if ( !psnip_safe_size_mul(nelems, *nelems, matvar->dims[i]) ) {
*nelems = 0;
@@ -1640,7 +1645,7 @@ Mat_VarFree(matvar_t *matvar)
}
#endif
if ( NULL != matvar->internal->fieldnames &&
- matvar->internal->num_fields > 0 ) {
+ matvar->internal->num_fields > 0 ) {
size_t i;
for ( i = 0; i < matvar->internal->num_fields; i++ ) {
if ( NULL != matvar->internal->fieldnames[i] )
Reference in New Issue View Git Blame Copy Permalink