Hello community, here is the log from the commit of package freerdp for openSUSE:Factory checked in at 2019-11-03 10:35:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/freerdp (Old) and /work/SRC/openSUSE:Factory/.freerdp.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "freerdp" Sun Nov 3 10:35:00 2019 rev:37 rq:743737 version:2.0.0~rc4 Changes: -------- --- /work/SRC/openSUSE:Factory/freerdp/freerdp.changes 2019-04-19 18:35:59.451002409 +0200 +++ /work/SRC/openSUSE:Factory/.freerdp.new.2990/freerdp.changes 2019-11-03 10:35:01.469313032 +0100 @@ -1,0 +2,7 @@ +Mon Oct 28 08:03:35 UTC 2019 - Felix Zhang <fezhang@suse.com> + +- Add freerdp-Fix-realloc-return-handling.patch: Fix realloc return + handling that results in memory leaks (boo#1153163, boo#1153164, + gh#FreeRDP/FreeRDP#5645, CVE-2019-17177, CVE-2019-17178) + +------------------------------------------------------------------- New: ---- freerdp-Fix-realloc-return-handling.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freerdp.spec ++++++ --- /var/tmp/diff_new_pack.3TvJk9/_old 2019-11-03 10:35:01.961313620 +0100 +++ /var/tmp/diff_new_pack.3TvJk9/_new 2019-11-03 10:35:01.961313620 +0100 @@ -28,6 +28,8 @@ Group: Productivity/Networking/Other Url: http://www.freerdp.com/ Source0: https://github.com/FreeRDP/FreeRDP/archive/%{version_file}.tar.gz#/FreeRDP-%{version_file}.tar.gz +# PATCH-FIX-UPSTREAM freerdp-Fix-realloc-return-handling.patch boo#1153163 boo#1153164 gh#FreeRDP/FreeRDP#5645 - fezhang@suse.com -- Fix realloc return handling that results in memory leaks +Patch1: freerdp-Fix-realloc-return-handling.patch BuildRequires: chrpath BuildRequires: cmake >= 2.8 BuildRequires: cups-devel @@ -152,6 +154,8 @@ %prep %setup -q -n FreeRDP-%{version_file} +%patch1 -p1 + %build if [ -z "$SOURCE_DATE_EPOCH" ]; then find . -type f -name "*.c" -exec perl -i -pe 's{__(DATE|TIME)__}{""}g' "{}" "+" ++++++ freerdp-Fix-realloc-return-handling.patch ++++++

From 9fee4ae076b1ec97b97efb79ece08d1dab4df29a Mon Sep 17 00:00:00 2001 From: Armin Novak <armin.novak@thincast.com> Date: Fri, 4 Oct 2019 14:49:30 +0200 Subject: [PATCH] Fixed #5645: realloc return handling

--- client/X11/generate_argument_docbook.c | 33 +++++++++++++++++++++++++++------ libfreerdp/codec/region.c | 17 ++++++++++++++--- winpr/libwinpr/utils/lodepng/lodepng.c | 6 +++++- 3 files changed, 46 insertions(+), 10 deletions(-) diff --git a/client/X11/generate_argument_docbook.c b/client/X11/generate_argument_docbook.c index b700539e2..1a3ebf563 100644 --- a/client/X11/generate_argument_docbook.c +++ b/client/X11/generate_argument_docbook.c @@ -9,6 +9,7 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) { LPSTR tmp = NULL; + LPSTR tmp2 = NULL; size_t cs = 0, x, ds, len; size_t s; @@ -25,7 +26,12 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) ds = s + 1; if (s) - tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + { + tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + if (!tmp2) + free(tmp); + tmp = tmp2; + } if (NULL == tmp) { @@ -43,7 +49,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) case '<': len = format ? 13 : 4; ds += len - 1; - tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + if (!tmp2) + free(tmp); + tmp = tmp2; if (NULL == tmp) { @@ -64,7 +73,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) case '>': len = format ? 14 : 4; ds += len - 1; - tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + if (!tmp2) + free(tmp); + tmp = tmp2; if (NULL == tmp) { @@ -84,7 +96,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) case '\'': ds += 5; - tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + if (!tmp2) + free(tmp); + tmp = tmp2; if (NULL == tmp) { @@ -102,7 +117,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) case '"': ds += 5; - tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + if (!tmp2) + free(tmp); + tmp = tmp2; if (NULL == tmp) { @@ -120,7 +138,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) case '&': ds += 4; - tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); + if (!tmp2) + free(tmp); + tmp = tmp2; if (NULL == tmp) { diff --git a/libfreerdp/codec/region.c b/libfreerdp/codec/region.c index 2bc866538..c5d19c806 100644 --- a/libfreerdp/codec/region.c +++ b/libfreerdp/codec/region.c @@ -467,8 +467,12 @@ static BOOL region16_simplify_bands(REGION16* region) if (finalNbRects != nbRects) { - int allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16)); - region->data = realloc(region->data, allocSize); + REGION16_DATA* data; + size_t allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16)); + data = realloc(region->data, allocSize); + if (!data) + free(region->data); + region->data = data; if (!region->data) { @@ -485,10 +489,12 @@ static BOOL region16_simplify_bands(REGION16* region) BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* rect) { + REGION16_DATA* data; const RECTANGLE_16* srcExtents; RECTANGLE_16* dstExtents; const RECTANGLE_16* currentBand, *endSrcRect, *nextBand; REGION16_DATA* newItems = NULL; + REGION16_DATA* tmpItems = NULL; RECTANGLE_16* dstRect = NULL; UINT32 usedRects, srcNbRects; UINT16 topInterBand; @@ -673,7 +679,11 @@ BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* dstExtents->bottom = MAX(rect->bottom, srcExtents->bottom); dstExtents->right = MAX(rect->right, srcExtents->right); newItems->size = sizeof(REGION16_DATA) + (usedRects * sizeof(RECTANGLE_16)); - dst->data = realloc(newItems, newItems->size); + tmpItems = realloc(newItems, newItems->size); + if (!tmpItems) + free(newItems); + newItems = tmpItems; + dst->data = newItems; if (!dst->data) { @@ -717,6 +727,7 @@ BOOL region16_intersects_rect(const REGION16* src, const RECTANGLE_16* arg2) BOOL region16_intersect_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* rect) { + REGION16_DATA* data; REGION16_DATA* newItems; const RECTANGLE_16* srcPtr, *endPtr, *srcExtents; RECTANGLE_16* dstPtr; diff --git a/winpr/libwinpr/utils/lodepng/lodepng.c b/winpr/libwinpr/utils/lodepng/lodepng.c index 741a953b8..b48c881a2 100644 --- a/winpr/libwinpr/utils/lodepng/lodepng.c +++ b/winpr/libwinpr/utils/lodepng/lodepng.c @@ -841,11 +841,15 @@ unsigned lodepng_huffman_code_lengths(unsigned* lengths, const unsigned* frequen static unsigned HuffmanTree_makeFromFrequencies(HuffmanTree* tree, const unsigned* frequencies, size_t mincodes, size_t numcodes, unsigned maxbitlen) { + unsigned* lengths; unsigned error = 0; while(!frequencies[numcodes - 1] && numcodes > mincodes) numcodes--; /*trim zeroes*/ tree->maxbitlen = maxbitlen; tree->numcodes = (unsigned)numcodes; /*number of symbols*/ - tree->lengths = (unsigned*)realloc(tree->lengths, numcodes * sizeof(unsigned)); + lengths = (unsigned*)realloc(tree->lengths, numcodes * sizeof(unsigned)); + if (!lengths) + free(tree->lengths); + tree->lengths = lengths; if(!tree->lengths) return 83; /*alloc fail*/ /*initialize all lengths to 0*/ memset(tree->lengths, 0, numcodes * sizeof(unsigned)); -- 2.16.4