From 4491d189ae389fcfa8ba909c5f53645a01dc6db8 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Mon, 23 Jun 2014 20:21:54 +0000
Subject: [PATCH] * libc/argz/envz_merge.c (envz_merge): Fix memory leak (Cygwin Coverity Scan CID 60023). * libc/ctype/iswalpha.c (iswalpha): Add bounds check to avoid out-of-bounds read from utf8 tables (CID 59949). * libc/locale/ldpart.c (__part_load_locale): Add 1 byte to size of lbuf. Write NUL into the last byte to accommodate split_lines (CID 60047).
---
 newlib/ChangeLog | 9 +++++++++
 newlib/libc/argz/envz_merge.c | 1 +
 newlib/libc/ctype/iswalpha.c | 2 +-
 newlib/libc/locale/ldpart.c | 3 ++-
 4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/newlib/ChangeLog b/newlib/ChangeLog
index 5edd14bfe..ab21c37be 100644
--- a/newlib/ChangeLog
+++ b/newlib/ChangeLog
@@ -1,3 +1,12 @@
+2014-06-23 Corinna Vinschen
+
+ * libc/argz/envz_merge.c (envz_merge): Fix memory leak (Cygwin Coverity
+ Scan CID 60023).
+ * libc/ctype/iswalpha.c (iswalpha): Add bounds check to avoid
+ out-of-bounds read from utf8 tables (CID 59949).
+ * libc/locale/ldpart.c (__part_load_locale): Add 1 byte to size of lbuf.
+ Write NUL into the last byte to accommodate split_lines (CID 60047).
+
 2014-06-11 Richard Earnshaw
 * libc/machine/aarch64/strchrnul.S: New file.
diff --git a/newlib/libc/argz/envz_merge.c b/newlib/libc/argz/envz_merge.c
index 46832202e..8a26bc3c3 100644
--- a/newlib/libc/argz/envz_merge.c
+++ b/newlib/libc/argz/envz_merge.c
@@ -55,6 +55,7 @@ _DEFUN (envz_merge, (envz, envz_len, envz2, envz2_len, override),
 }
 retval = envz_add(envz, envz_len, name_str, val_str);
+ free(name_str);
 }
 }
 return retval;
diff --git a/newlib/libc/ctype/iswalpha.c b/newlib/libc/ctype/iswalpha.c
index 16d424086..71f0e4a4b 100644
--- a/newlib/libc/ctype/iswalpha.c
+++ b/newlib/libc/ctype/iswalpha.c
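Review bot: The added `free(name_str);` in envz_merge (newlib/libc/argz/envz_merge.c) is only safe while it stays after the `envz_add` call, and nothing on the new lines says why. `val_str` is passed alongside `name_str` and presumably points into the same allocation (its assignment is outside the hunk), so a later reordering would hand `envz_add` a dangling pointer. A one-line comment would pin the order down: `/* val_str may point into name_str, so free only after envz_add returns */`. The enclosing block starts above the hunk, so whether the allocation of `name_str` is checked for failure cannot be confirmed from here.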
@@ -415,7 +415,7 @@ _DEFUN(iswalpha,(c), wint_t c)
 /* otherwise c > *ptr */
 /* look for 0x0 as next element which indicates a range */
 ++ptr;
- if (*ptr == 0x0)
+ if (ptr < table + size - 1 && *ptr == 0x0)
 {
 /* we have a range..see if c falls within range */
 ++ptr;
diff --git a/newlib/libc/locale/ldpart.c b/newlib/libc/locale/ldpart.c
index 595532298..35ad3bd13 100644
--- a/newlib/libc/locale/ldpart.c
+++ b/newlib/libc/locale/ldpart.c
@@ -110,7 +110,7 @@ __part_load_locale(const char *name,
 goto bad_locale;
 if (st.st_size <= 0)
 goto bad_locale;
- bufsize = namesize + st.st_size;
+ bufsize = namesize + st.st_size + 1;
 locale_buf = NULL;
 if (lbuf == NULL || lbuf == locale_buf_C)
@@ -137,6 +137,7 @@ __part_load_locale(const char *name,
 /*
 * Parse the locale file into localebuf.
 */
+ p[st.st_size] = '\0';
 if (plim[-1] != '\n')
 goto bad_lbuf;
 num_lines = split_lines(p, plim);
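Review bot: The new guard `ptr < table + size - 1` in iswalpha (newlib/libc/ctype/iswalpha.c) carries an unexplained `- 1`, and the comment above it still describes only the 0x0 lookup. From the visible lines the `- 1` appears to reserve the element read after the second `++ptr`, the end of the range; a comment such as `/* need two elements left: the 0x0 marker and the range end */` would say so. When the guard fails, `ptr` may already equal `table + size`, so it is worth confirming that the loop condition outside the hunk stops before `*ptr` is read again.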
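Review bot: In __part_load_locale (newlib/libc/locale/ldpart.c, hunk at line 110) `st.st_size` is only tested against `<= 0` before `bufsize = namesize + st.st_size + 1;`, so the sum has no upper bound. The declaration of `bufsize` is outside the hunk; if it is narrower than `off_t`, an oversized locale file would wrap or truncate the sum and the buffer would be smaller than the data later placed in it. Rejecting such files next to the existing size test would close that, for example (assuming `namesize` is a `size_t`) `if (st.st_size <= 0 || (uintmax_t)st.st_size >= SIZE_MAX - namesize) goto bad_locale;`.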
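Review bot: The store `p[st.st_size] = '\0';` in __part_load_locale (ldpart.c, hunk at line 137) sits under the comment "Parse the locale file into localebuf" with nothing saying that it relies on the extra byte added to `bufsize` in the hunk at line 110. If that `+ 1` is ever dropped, this line becomes a one-byte write past the buffer, so the dependency deserves a comment such as `/* bufsize reserves one byte past the file data for this terminator; split_lines needs it */`. The next line tests `plim[-1]`; if `plim` is `p + st.st_size` (it is set outside the hunk), writing `*plim = '\0';` would make the relationship explicit.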