diff options
author | Chris Sutcliffe <ir0nh34d@users.sourceforge.net> | 2009-11-28 05:28:35 +0000 |
---|---|---|
committer | Chris Sutcliffe <ir0nh34d@users.sourceforge.net> | 2009-11-28 05:28:35 +0000 |
commit | bde36356692163b178279784cc631889399dbcfc (patch) | |
tree | 7e4206b306104ed674c6ba5ed337711f41ce9bcc /winsup/mingw/mingwex | |
parent | 575e8668bdda3a16dcc03adccb02944e75cb023b (diff) | |
download | newlib-bde36356692163b178279784cc631889399dbcfc.zip newlib-bde36356692163b178279784cc631889399dbcfc.tar.gz newlib-bde36356692163b178279784cc631889399dbcfc.tar.bz2 |
2009-11-25 Chris Sutcliffe <ir0nh34d@users.sourceforge.net>
* mingwex/gdtoa/misc.c: Fix security vulnerability in gdtoa:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
Diffstat (limited to 'winsup/mingw/mingwex')
-rwxr-xr-x | winsup/mingw/mingwex/gdtoa/misc.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/winsup/mingw/mingwex/gdtoa/misc.c b/winsup/mingw/mingwex/gdtoa/misc.c index 35f9a6e..49934c4 100755 --- a/winsup/mingw/mingwex/gdtoa/misc.c +++ b/winsup/mingw/mingwex/gdtoa/misc.c @@ -135,6 +135,8 @@ Bigint *Balloc (int k) x = 1 << k; #ifdef Omit_Private_Memory rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(ULong)); + if (rv == NULL) + return NULL; #else len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1) /sizeof(double); @@ -143,7 +145,11 @@ Bigint *Balloc (int k) pmem_next += len; } else + { rv = (Bigint*)MALLOC(len*sizeof(double)); + if (rv == NULL) + return NULL; + } #endif rv->k = k; rv->maxwds = x; @@ -255,6 +261,8 @@ Bigint *multadd (Bigint *b, int m, int a) /* multiply by m and add a */ if (carry) { if (wds >= b->maxwds) { b1 = Balloc(b->k+1); + if (b1 == NULL) + return NULL; Bcopy(b1, b); Bfree(b); b = b1; @@ -303,6 +311,8 @@ Bigint *i2b (int i) Bigint *b; b = Balloc(1); + if (b == NULL) + return NULL; b->x[0] = i; b->wds = 1; return b; @@ -335,6 +345,8 @@ Bigint *mult (Bigint *a, Bigint *b) if (wc > a->maxwds) k++; c = Balloc(k); + if (c == NULL) + return NULL; for(x = c->x, xa = x + wc; x < xa; x++) *x = 0; xa = a->x; @@ -417,7 +429,11 @@ Bigint *pow5mult (Bigint *b, int k) static int p05[3] = { 5, 25, 125 }; if ( (i = k & 3) !=0) - b = multadd(b, p05[i-1], 0); + { + b = multadd(b, p05[i-1], 0); + if (b == NULL) + return NULL; + } if (!(k >>= 2)) return b; @@ -427,17 +443,23 @@ Bigint *pow5mult (Bigint *b, int k) ACQUIRE_DTOA_LOCK(1); if (!(p5 = p5s)) { p5 = p5s = i2b(625); + if (p5 == NULL) + return NULL; p5->next = 0; } FREE_DTOA_LOCK(1); #else p5 = p5s = i2b(625); + if (p5 == NULL) + return NULL; p5->next = 0; #endif } for(;;) { if (k & 1) { b1 = mult(b, p5); + if (b1 == NULL) + return NULL; Bfree(b); b = b1; } @@ -448,11 +470,15 @@ Bigint *pow5mult (Bigint *b, int k) ACQUIRE_DTOA_LOCK(1); if (!(p51 = p5->next)) { p51 = p5->next = mult(p5,p5); + if (p51 == NULL) + return NULL; p51->next = 0; } FREE_DTOA_LOCK(1); #else p51 = p5->next = mult(p5,p5); + if (p51 == NULL) + return NULL; p51->next = 0; #endif } @@ -473,6 +499,8 @@ Bigint *lshift (Bigint *b, int k) for(i = b->maxwds; n1 > i; i <<= 1) k1++; b1 = Balloc(k1); + if (b1 == NULL) + return NULL; x1 = b1->x; for(i = 0; i < n; i++) *x1++ = 0; @@ -552,6 +580,8 @@ Bigint *diff (Bigint *a, Bigint *b) i = cmp(a,b); if (!i) { c = Balloc(0); + if (c == NULL) + return NULL; c->wds = 1; c->x[0] = 0; return c; @@ -565,6 +595,8 @@ Bigint *diff (Bigint *a, Bigint *b) else i = 0; c = Balloc(a->k); + if (c == NULL) + return NULL; c->sign = i; wa = a->wds; xa = a->x; @@ -693,6 +725,8 @@ Bigint *d2b (double dd, int *e, int *bits) #else b = Balloc(2); #endif + if (b == NULL) + return NULL; x = b->x; z = d0 & Frac_mask; |