From bde36356692163b178279784cc631889399dbcfc Mon Sep 17 00:00:00 2001 From: Chris Sutcliffe Date: Sat, 28 Nov 2009 05:28:35 +0000 Subject: [PATCH] 2009-11-25 Chris Sutcliffe * mingwex/gdtoa/misc.c: Fix security vulnerability in gdtoa: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689 --- winsup/mingw/ChangeLog | 5 +++++ winsup/mingw/mingwex/gdtoa/misc.c | 36 ++++++++++++++++++++++++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/winsup/mingw/ChangeLog b/winsup/mingw/ChangeLog index 8aeb06ce3..16592f38b 100644 --- a/winsup/mingw/ChangeLog +++ b/winsup/mingw/ChangeLog @@ -1,3 +1,8 @@ +2009-11-25 Chris Sutcliffe + + * mingwex/gdtoa/misc.c: Fix security vulnerability in gdtoa: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689 + 2009-11-13 Chris Sutcliffe * include/io.h (_open_osfhandle): Correct definition. diff --git a/winsup/mingw/mingwex/gdtoa/misc.c b/winsup/mingw/mingwex/gdtoa/misc.c index 35f9a6e54..49934c42f 100755 --- a/winsup/mingw/mingwex/gdtoa/misc.c +++ b/winsup/mingw/mingwex/gdtoa/misc.c @@ -135,6 +135,8 @@ Bigint *Balloc (int k) x = 1 << k; #ifdef Omit_Private_Memory rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(ULong)); + if (rv == NULL) + return NULL; #else len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1) /sizeof(double); @@ -143,7 +145,11 @@ Bigint *Balloc (int k) pmem_next += len; } else + { rv = (Bigint*)MALLOC(len*sizeof(double)); + if (rv == NULL) + return NULL; + } #endif rv->k = k; rv->maxwds = x; @@ -255,6 +261,8 @@ Bigint *multadd (Bigint *b, int m, int a) /* multiply by m and add a */ if (carry) { if (wds >= b->maxwds) { b1 = Balloc(b->k+1); + if (b1 == NULL) + return NULL; Bcopy(b1, b); Bfree(b); b = b1; @@ -303,6 +311,8 @@ Bigint *i2b (int i) Bigint *b; b = Balloc(1); + if (b == NULL) + return NULL; b->x[0] = i; b->wds = 1; return b; @@ -335,6 +345,8 @@ Bigint *mult (Bigint *a, Bigint *b) if (wc > a->maxwds) k++; c = Balloc(k); + if (c == NULL) + return NULL; for(x = c->x, xa = x + wc; x < xa; x++) *x = 0; xa = a->x; @@ -417,7 +429,11 @@ Bigint *pow5mult (Bigint *b, int k) static int p05[3] = { 5, 25, 125 }; if ( (i = k & 3) !=0) - b = multadd(b, p05[i-1], 0); + { + b = multadd(b, p05[i-1], 0); + if (b == NULL) + return NULL; + } if (!(k >>= 2)) return b; @@ -427,17 +443,23 @@ Bigint *pow5mult (Bigint *b, int k) ACQUIRE_DTOA_LOCK(1); if (!(p5 = p5s)) { p5 = p5s = i2b(625); + if (p5 == NULL) + return NULL; p5->next = 0; } FREE_DTOA_LOCK(1); #else p5 = p5s = i2b(625); + if (p5 == NULL) + return NULL; p5->next = 0; #endif } for(;;) { if (k & 1) { b1 = mult(b, p5); + if (b1 == NULL) + return NULL; Bfree(b); b = b1; } @@ -448,11 +470,15 @@ Bigint *pow5mult (Bigint *b, int k) ACQUIRE_DTOA_LOCK(1); if (!(p51 = p5->next)) { p51 = p5->next = mult(p5,p5); + if (p51 == NULL) + return NULL; p51->next = 0; } FREE_DTOA_LOCK(1); #else p51 = p5->next = mult(p5,p5); + if (p51 == NULL) + return NULL; p51->next = 0; #endif } @@ -473,6 +499,8 @@ Bigint *lshift (Bigint *b, int k) for(i = b->maxwds; n1 > i; i <<= 1) k1++; b1 = Balloc(k1); + if (b1 == NULL) + return NULL; x1 = b1->x; for(i = 0; i < n; i++) *x1++ = 0; @@ -552,6 +580,8 @@ Bigint *diff (Bigint *a, Bigint *b) i = cmp(a,b); if (!i) { c = Balloc(0); + if (c == NULL) + return NULL; c->wds = 1; c->x[0] = 0; return c; @@ -565,6 +595,8 @@ Bigint *diff (Bigint *a, Bigint *b) else i = 0; c = Balloc(a->k); + if (c == NULL) + return NULL; c->sign = i; wa = a->wds; xa = a->x; @@ -693,6 +725,8 @@ Bigint *d2b (double dd, int *e, int *bits) #else b = Balloc(2); #endif + if (b == NULL) + return NULL; x = b->x; z = d0 & Frac_mask;