2009-11-25 Chris Sutcliffe <ir0nh34d@users.sourceforge.net>

* mingwex/gdtoa/misc.c: Fix security vulnerability in gdtoa:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
This commit is contained in:
Chris Sutcliffe 2009-11-28 05:28:35 +00:00
parent 575e8668bd
commit bde3635669
2 changed files with 40 additions and 1 deletions

View File

@ -1,3 +1,8 @@
2009-11-25 Chris Sutcliffe <ir0nh34d@users.sourceforge.net>
* mingwex/gdtoa/misc.c: Fix security vulnerability in gdtoa:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
2009-11-13 Chris Sutcliffe <ir0nh34d@users.sourceforge.net>
* include/io.h (_open_osfhandle): Correct definition.

View File

@ -135,6 +135,8 @@ Bigint *Balloc (int k)
x = 1 << k;
#ifdef Omit_Private_Memory
rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(ULong));
if (rv == NULL)
return NULL;
#else
len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1)
/sizeof(double);
@ -143,7 +145,11 @@ Bigint *Balloc (int k)
pmem_next += len;
}
else
{
rv = (Bigint*)MALLOC(len*sizeof(double));
if (rv == NULL)
return NULL;
}
#endif
rv->k = k;
rv->maxwds = x;
@ -255,6 +261,8 @@ Bigint *multadd (Bigint *b, int m, int a) /* multiply by m and add a */
if (carry) {
if (wds >= b->maxwds) {
b1 = Balloc(b->k+1);
if (b1 == NULL)
return NULL;
Bcopy(b1, b);
Bfree(b);
b = b1;
@ -303,6 +311,8 @@ Bigint *i2b (int i)
Bigint *b;
b = Balloc(1);
if (b == NULL)
return NULL;
b->x[0] = i;
b->wds = 1;
return b;
@ -335,6 +345,8 @@ Bigint *mult (Bigint *a, Bigint *b)
if (wc > a->maxwds)
k++;
c = Balloc(k);
if (c == NULL)
return NULL;
for(x = c->x, xa = x + wc; x < xa; x++)
*x = 0;
xa = a->x;
@ -417,7 +429,11 @@ Bigint *pow5mult (Bigint *b, int k)
static int p05[3] = { 5, 25, 125 };
if ( (i = k & 3) !=0)
b = multadd(b, p05[i-1], 0);
{
b = multadd(b, p05[i-1], 0);
if (b == NULL)
return NULL;
}
if (!(k >>= 2))
return b;
@ -427,17 +443,23 @@ Bigint *pow5mult (Bigint *b, int k)
ACQUIRE_DTOA_LOCK(1);
if (!(p5 = p5s)) {
p5 = p5s = i2b(625);
if (p5 == NULL)
return NULL;
p5->next = 0;
}
FREE_DTOA_LOCK(1);
#else
p5 = p5s = i2b(625);
if (p5 == NULL)
return NULL;
p5->next = 0;
#endif
}
for(;;) {
if (k & 1) {
b1 = mult(b, p5);
if (b1 == NULL)
return NULL;
Bfree(b);
b = b1;
}
@ -448,11 +470,15 @@ Bigint *pow5mult (Bigint *b, int k)
ACQUIRE_DTOA_LOCK(1);
if (!(p51 = p5->next)) {
p51 = p5->next = mult(p5,p5);
if (p51 == NULL)
return NULL;
p51->next = 0;
}
FREE_DTOA_LOCK(1);
#else
p51 = p5->next = mult(p5,p5);
if (p51 == NULL)
return NULL;
p51->next = 0;
#endif
}
@ -473,6 +499,8 @@ Bigint *lshift (Bigint *b, int k)
for(i = b->maxwds; n1 > i; i <<= 1)
k1++;
b1 = Balloc(k1);
if (b1 == NULL)
return NULL;
x1 = b1->x;
for(i = 0; i < n; i++)
*x1++ = 0;
@ -552,6 +580,8 @@ Bigint *diff (Bigint *a, Bigint *b)
i = cmp(a,b);
if (!i) {
c = Balloc(0);
if (c == NULL)
return NULL;
c->wds = 1;
c->x[0] = 0;
return c;
@ -565,6 +595,8 @@ Bigint *diff (Bigint *a, Bigint *b)
else
i = 0;
c = Balloc(a->k);
if (c == NULL)
return NULL;
c->sign = i;
wa = a->wds;
xa = a->x;
@ -693,6 +725,8 @@ Bigint *d2b (double dd, int *e, int *bits)
#else
b = Balloc(2);
#endif
if (b == NULL)
return NULL;
x = b->x;
z = d0 & Frac_mask;