diff options
author | Christian Grothoff <christian@grothoff.org> | 2017-10-15 19:49:27 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-10-15 19:49:27 +0200 |
commit | f71355829ab07f9632e3c1195f8bffa50e40826e (patch) | |
tree | 224828ecf31d7b4e2079e66e3e07a23acfb9e37f | |
parent | 153ee0cc5e5311fa59ea006b325c65b3a142e775 (diff) | |
download | libextractor-f71355829ab07f9632e3c1195f8bffa50e40826e.tar.gz libextractor-f71355829ab07f9632e3c1195f8bffa50e40826e.zip |
defensive programming: avoid malloc(0) in deb extractor
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | src/plugins/deb_extractor.c | 2 |
2 files changed, 4 insertions, 1 deletions
@@ -1,7 +1,8 @@ | |||
1 | Sun Oct 15 19:36:41 CEST 2017 | 1 | Sun Oct 15 19:36:41 CEST 2017 |
2 | Fix potential file descriptor leak (on error handling path). | 2 | Fix potential file descriptor leak (on error handling path). |
3 | Fix potential assign-after-free (on IPC error handling path). | 3 | Fix potential assign-after-free (on IPC error handling path). |
4 | Make sure to only pass "unsigned char" to functions like isspace(). -CG | 4 | Make sure to only pass "unsigned char" to functions like isspace(). |
5 | Avoid malloc(0) in DEB extractor under certain conditions. -CG | ||
5 | 6 | ||
6 | Fri Oct 13 12:30:37 CEST 2017 | 7 | Fri Oct 13 12:30:37 CEST 2017 |
7 | Properly check read error in NSF plugin (from signedness confusion) found by Leon Zhao. -CG | 8 | Properly check read error in NSF plugin (from signedness confusion) found by Leon Zhao. -CG |
diff --git a/src/plugins/deb_extractor.c b/src/plugins/deb_extractor.c index 4716732..afbe8bb 100644 --- a/src/plugins/deb_extractor.c +++ b/src/plugins/deb_extractor.c | |||
@@ -363,6 +363,8 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec, | |||
363 | 363 | ||
364 | if (size > MAX_CONTROL_SIZE) | 364 | if (size > MAX_CONTROL_SIZE) |
365 | return 0; | 365 | return 0; |
366 | if (0 == size) | ||
367 | return 0; | ||
366 | if (NULL == (cdata = malloc (size))) | 368 | if (NULL == (cdata = malloc (size))) |
367 | return 0; | 369 | return 0; |
368 | off = 0; | 370 | off = 0; |