NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c2caf816e9
kumquat-buildroot/package/matio/0001-Avoid-uninitialized-memory.patch
Fabrice Fontaine e1af92592e package/matio: add upstream security fixes 
Fix the following CVEs:
 - CVE-2019-17533: Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits
   a certain '\0' character, leading to a heap-based buffer over-read in
   strdup_vprintf when uninitialized memory is accessed.
 - CVE-2019-20017: A stack-based buffer over-read was discovered in
   Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.
 - CVE-2019-20018: A stack-based buffer over-read was discovered in
   ReadNextCell in mat5.c in matio 1.5.17.
 - CVE-2019-20020: A stack-based buffer over-read was discovered in
   ReadNextStructField in mat5.c in matio 1.5.17.
 - CVE-2019-20052: A memory leak was discovered in Mat_VarCalloc in
   mat.c in matio 1.5.17 because SafeMulDims does not consider the
   rank==0 case.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-05-29 21:54:28 +02:00

28 lines
843 B
Diff
Raw Blame History

From 651a8e28099edb5fbb9e4e1d4d3238848f446c9a Mon Sep 17 00:00:00 2001
From: tbeu <tbeu@users.noreply.github.com>
Date: Fri, 30 Aug 2019 09:21:26 +0200
Subject: [PATCH] Avoid uninitialized memory
As reported by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Retrieved from:
https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9a]
---
src/mat4.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/mat4.c b/src/mat4.c
index 601a3d6..93b4308 100644
--- a/src/mat4.c
+++ b/src/mat4.c
@@ -917,6 +917,8 @@ Mat_VarReadNextInfo4(mat_t *mat)
if ( tmp != readresult ) {
Mat_VarFree(matvar);
return NULL;
+ } else {
+ matvar->name[tmp - 1] = '\0';
}
matvar->internal->datapos = ftell((FILE*)mat->fp);
Reference in New Issue View Git Blame Copy Permalink