[Ming-cvs] [libming/libming] 3a000c: Fix heap-buffer-overflows when accessing pool

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

  Branch: refs/heads/master
  Home:   https://github.com/libming/libming
  Commit: 3a000c7b6fe978dd9925266bb6847709e06dbaa3
      https://github.com/libming/libming/commit/3a000c7b6fe978dd9925266bb6847709e06dbaa3
  Author: Hugo Lefeuvre <hl...@de...>
  Date:   2018-03-12 (Mon, 12 Mar 2018)

  Changed paths:
    M NEWS
    M util/decompile.c

  Log Message:
  -----------
  Fix heap-buffer-overflows when accessing pool

Constants are usually retrieved from the constant pool without verifying
that the pool actually contains them, which may lead to various heap
buffer overflow issues.

In this patch we add a counter keeping track of how many elements the pool
contains, and checks making sure that whenever the pool is accessed, the
constant in present in the pool (constant position < pool counter).

Also, do not return "" when a pointer is excepted (it should be legal to free
this return value).

This patch fixes #112 (CVE-2018-7875), fixes #120 (CVE-2018-7871),
fixes #117 (CVE-2018-7870), fixes #114 (CVE-2018-7872), fixes #122,
fixes #113 (CVE-2018-7868), fixes #123.

  Commit: eeca3fee7a005b9934330a5ce9e683ae21bd120e
      https://github.com/libming/libming/commit/eeca3fee7a005b9934330a5ce9e683ae21bd120e
  Author: Sandro Santilli <st...@kb...>
  Date:   2018-03-13 (Tue, 13 Mar 2018)

  Changed paths:
    M NEWS
    M util/decompile.c

  Log Message:
  -----------
  Merge pull request #125 from hlef/master

Fix various issues with pool management / access

Compare: https://github.com/libming/libming/compare/c4d20b127bac...eeca3fee7a00