This is the mail archive of the
libc-locales@sourceware.org
mailing list for the GNU libc locales project.
[Bug localedata/19671] New: Missing Sanity Check for malloc() in 'tst-fmon.c' & 'tst-numeric.c'
- From: "wp02855 at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: libc-locales at sourceware dot org
- Date: Thu, 18 Feb 2016 21:15:01 +0000
- Subject: [Bug localedata/19671] New: Missing Sanity Check for malloc() in 'tst-fmon.c' & 'tst-numeric.c'
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=19671
Bug ID: 19671
Summary: Missing Sanity Check for malloc() in 'tst-fmon.c' &
'tst-numeric.c'
Product: glibc
Version: 2.22
Status: NEW
Severity: normal
Priority: P2
Component: localedata
Assignee: unassigned at sourceware dot org
Reporter: wp02855 at gmail dot com
CC: libc-locales at sourceware dot org
Target Milestone: ---
Created attachment 9014
--> https://sourceware.org/bugzilla/attachment.cgi?id=9014&action=edit
patch file for above bug report (diff -u)
In directory 'localedata', file 'tst-fmon.c', there is a call to malloc()
which is not checked for a return value of NULL, indicating failure.
The patch file below should address/correct this issue:
--- tst-fmon.c.orig 2016-02-17 16:10:24.878923789 -0800
+++ tst-fmon.c 2016-02-17 16:11:48.938607342 -0800
@@ -41,6 +41,11 @@
main (int argc, char *argv[])
{
char *s = malloc (201);
+ if (s == NULL)
+ {
+ puts ("malloc failure");
+ exit (EXIT_FAILURE);
+ }
if (setlocale (LC_MONETARY, argv[1]) == NULL)
{
=======================================================================
In directory 'localedata', file 'tst-numeric.c', there is a call to malloc()
which is not checked for a return value of NULL, indicating failure.
The patch file below should address/correct this issue:
--- tst-numeric.c.orig 2016-02-17 16:20:50.482434778 -0800
+++ tst-numeric.c 2016-02-17 16:22:10.233570737 -0800
@@ -44,6 +44,12 @@
char *s = malloc (201);
double val;
+ if (s == NULL)
+ {
+ perror ("malloc");
+ exit (EXIT_FAILURE);
+ }
+
/* Make sure to read the value before setting of the locale, as
strtod() is locale-dependent. */
val = strtod (argv[3], NULL);
--
You are receiving this mail because:
You are on the CC list for the bug.