libextractor

GNU libextractor

commit f71355829ab07f9632e3c1195f8bffa50e40826e
parent 153ee0cc5e5311fa59ea006b325c65b3a142e775
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 15 Oct 2017 19:49:27 +0200

defensive programming: avoid malloc(0) in deb extractor

Diffstat:
M ChangeLog | 3 ++-
M src/plugins/deb_extractor.c | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog @@ -1,7 +1,8 @@ Sun Oct 15 19:36:41 CEST 2017 Fix potential file descriptor leak (on error handling path). Fix potential assign-after-free (on IPC error handling path). - Make sure to only pass "unsigned char" to functions like isspace(). -CG + Make sure to only pass "unsigned char" to functions like isspace(). + Avoid malloc(0) in DEB extractor under certain conditions. -CG Fri Oct 13 12:30:37 CEST 2017 Properly check read error in NSF plugin (from signedness confusion) found by Leon Zhao. -CG diff --git a/src/plugins/deb_extractor.c b/src/plugins/deb_extractor.c @@ -363,6 +363,8 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec, if (size > MAX_CONTROL_SIZE) return 0; + if (0 == size) + return 0; if (NULL == (cdata = malloc (size))) return 0; off = 0;
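Review bot: In the ChangeLog hunk, the new entry "Avoid malloc(0) in DEB extractor under certain conditions." does not say what the conditions are. The code change in this commit makes it specific: the size passed to malloc in processControlTGZ is zero. Naming that case in the entry would let someone reading the ChangeLog later tell whether an empty control member is rejected or processed.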
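Review bot: In the src/plugins/deb_extractor.c hunk, the added `if (0 == size) return 0;` in processControlTGZ has no comment saying why a zero size is rejected, and it sits directly after the `size > MAX_CONTROL_SIZE` check with the same return value. malloc(0) is implementation-defined in C (it may return NULL or a unique pointer that must not be dereferenced), so without the guard the `NULL == (cdata = malloc (size))` test on the next line would behave differently across platforms; a one-line comment stating that would keep the guard from being removed as redundant later. The two bounds checks could also be folded into one condition, `if ( (0 == size) || (size > MAX_CONTROL_SIZE) ) return 0;`, so the accepted range for size reads in one place. Since empty, oversized and allocation-failure cases all return 0 here, it is worth confirming that the caller does not need to tell them apart.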