2009-11-25 Chris Sutcliffe <ir0nh34d@users.sourceforge.net>

* mingwex/gdtoa/misc.c: Fix security vulnerability in gdtoa:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689

winsup/mingw/ChangeLog

@@ -1,3 +1,8 @@
+2009-11-25  Chris Sutcliffe  <ir0nh34d@users.sourceforge.net>
+
+	* mingwex/gdtoa/misc.c: Fix security vulnerability in gdtoa:
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
+
 2009-11-13  Chris Sutcliffe  <ir0nh34d@users.sourceforge.net>
 
 	* include/io.h (_open_osfhandle): Correct definition.

winsup/mingw/mingwex/gdtoa/misc.c

@@ -135,6 +135,8 @@ Bigint *Balloc (int k)
 		x = 1 << k;
 #ifdef Omit_Private_Memory
 		rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(ULong));
+    if (rv == NULL)
+      return NULL;
 #else
 		len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1)
 			/sizeof(double);
@@ -143,7 +145,11 @@ Bigint *Balloc (int k)
 			pmem_next += len;
 		}
 		else
+      {
 			rv = (Bigint*)MALLOC(len*sizeof(double));
+      if (rv == NULL)
+        return NULL;
+      }
 #endif
 		rv->k = k;
 		rv->maxwds = x;
@@ -255,6 +261,8 @@ Bigint *multadd (Bigint *b, int m, int a)	/* multiply by m and add a */
 	if (carry) {
 		if (wds >= b->maxwds) {
 			b1 = Balloc(b->k+1);
+      if (b1 == NULL)
+        return NULL;
 			Bcopy(b1, b);
 			Bfree(b);
 			b = b1;
@@ -303,6 +311,8 @@ Bigint *i2b (int i)
 	Bigint *b;
 
 	b = Balloc(1);
+  if (b == NULL)
+    return NULL;
 	b->x[0] = i;
 	b->wds = 1;
 	return b;
@@ -335,6 +345,8 @@ Bigint *mult (Bigint *a, Bigint *b)
 	if (wc > a->maxwds)
 		k++;
 	c = Balloc(k);
+  if (c == NULL)
+    return NULL;
 	for(x = c->x, xa = x + wc; x < xa; x++)
 		*x = 0;
 	xa = a->x;
@@ -417,7 +429,11 @@ Bigint *pow5mult (Bigint *b, int k)
 	static int p05[3] = { 5, 25, 125 };
 
 	if ( (i = k & 3) !=0)
-		b = multadd(b, p05[i-1], 0);
+    {
+      b = multadd(b, p05[i-1], 0);
+      if (b == NULL)
+        return NULL;
+    }
 
 	if (!(k >>= 2))
 		return b;
@@ -427,17 +443,23 @@ Bigint *pow5mult (Bigint *b, int k)
 		ACQUIRE_DTOA_LOCK(1);
 		if (!(p5 = p5s)) {
 			p5 = p5s = i2b(625);
+      if (p5 == NULL)
+        return NULL;
 			p5->next = 0;
 		}
 		FREE_DTOA_LOCK(1);
 #else
 		p5 = p5s = i2b(625);
+    if (p5 == NULL)
+      return NULL;
 		p5->next = 0;
 #endif
 	}
 	for(;;) {
 		if (k & 1) {
 			b1 = mult(b, p5);
+      if (b1 == NULL)
+        return NULL;
 			Bfree(b);
 			b = b1;
 		}
@@ -448,11 +470,15 @@ Bigint *pow5mult (Bigint *b, int k)
 			ACQUIRE_DTOA_LOCK(1);
 			if (!(p51 = p5->next)) {
 				p51 = p5->next = mult(p5,p5);
+        if (p51 == NULL)
+          return NULL;
 				p51->next = 0;
 			}
 			FREE_DTOA_LOCK(1);
 #else
 			p51 = p5->next = mult(p5,p5);
+      if (p51 == NULL)
+        return NULL;
 			p51->next = 0;
 #endif
 		}
@@ -473,6 +499,8 @@ Bigint *lshift (Bigint *b, int k)
 	for(i = b->maxwds; n1 > i; i <<= 1)
 		k1++;
 	b1 = Balloc(k1);
+  if (b1 == NULL)
+    return NULL;
 	x1 = b1->x;
 	for(i = 0; i < n; i++)
 		*x1++ = 0;
@@ -552,6 +580,8 @@ Bigint *diff (Bigint *a, Bigint *b)
 	i = cmp(a,b);
 	if (!i) {
 		c = Balloc(0);
+    if (c == NULL)
+      return NULL;
 		c->wds = 1;
 		c->x[0] = 0;
 		return c;
@@ -565,6 +595,8 @@ Bigint *diff (Bigint *a, Bigint *b)
 	else
 		i = 0;
 	c = Balloc(a->k);
+  if (c == NULL)
+    return NULL;
 	c->sign = i;
 	wa = a->wds;
 	xa = a->x;
@@ -693,6 +725,8 @@ Bigint *d2b (double dd, int *e, int *bits)
 #else
 	b = Balloc(2);
 #endif
+  if (b == NULL)
+    return NULL;
 	x = b->x;
 
 	z = d0 & Frac_mask;