netcdf-c

mirror/netcdf-c

Fork 0

mirror of https://github.com/Unidata/netcdf-c.git synced 2025-01-24 16:04:40 +08:00

Commit Graph

Author	SHA1	Message	Date
Dennis Heimbigner	b5d4afd1d5	Patch errors ## Examine and fix ezxml errors re: Issue https://github.com/Unidata/netcdf-c/issues/2119 Multiple security issues were found in ezxml (see above Issue). * CVE-2021-31598 * CVE-2021-31348 / CVE-2021-31347 * CVE-2021-31229 * CVE-2021-30485 * CVE-2021-26222 * CVE-2021-26221 * CVE-2021-26220 * CVE-2019-20202 * CVE-2019-20201 * CVE-2019-20200 * CVE-2019-20199 * CVE-2019-20198 * CVE-2019-20007 * CVE-2019-20006 * CVE-2019-20005 In addition, moved ezxml to libdispatch. ## Examine and fix selected oss-fuzz detected errors Note that most of these errors are in the libsrc .m4 generated code so fixing them is difficult. It would nice if we could tell oss-fuzz to skip those files. They are old and crufty and probably need a complete refactor. Issue\|Status -----\|------ 35382\|Fixed; old bug 35398\|Closed by OSS-Fuzz 35442\|Guarantee alloc > 0 or error; Old bug 35721\|Assert failure; ok 35992\|Fixed; old bug 36038\|Fixed; old bug 36129\|Unfixed; old bug 36229\|Fixed by adding assert; old bug 37476\|Unfixed; old bug 37824\|Assert Failure; ok 38300\|Closed by OSS-Fuzz 38537\|Unfixed; old bug 38658\|Unfixed; old bug 38699\|Fixed maybe; old bug 38772\|Nature of error is unclear, suspect that it results from using too large a type. 39248\|Need more information 39394\|Unfixed; old bug	2021-10-12 14:03:48 -06:00

Author

SHA1

Message

Date

Dennis Heimbigner

b5d4afd1d5

Patch errors

## Examine and fix ezxml errors

re: Issue https://github.com/Unidata/netcdf-c/issues/2119

Multiple security issues were found in ezxml (see above Issue).

* CVE-2021-31598
* CVE-2021-31348 / CVE-2021-31347
* CVE-2021-31229
* CVE-2021-30485
* CVE-2021-26222
* CVE-2021-26221
* CVE-2021-26220
* CVE-2019-20202
* CVE-2019-20201
* CVE-2019-20200
* CVE-2019-20199
* CVE-2019-20198
* CVE-2019-20007
* CVE-2019-20006
* CVE-2019-20005

In addition, moved ezxml to libdispatch.

## Examine and fix selected  oss-fuzz detected errors

Note that most of these errors are in the libsrc .m4 generated
code so fixing them is difficult. It would nice if we could tell
oss-fuzz to skip those files. They are old and crufty and
probably need a complete refactor.

Issue|Status
-----|------
35382|Fixed; old bug
35398|Closed by OSS-Fuzz
35442|Guarantee alloc > 0 or error; Old bug
35721|Assert failure; ok
35992|Fixed; old bug
36038|Fixed; old bug
36129|Unfixed; old bug
36229|Fixed by adding assert; old bug
37476|Unfixed; old bug
37824|Assert Failure; ok
38300|Closed by OSS-Fuzz
38537|Unfixed; old bug
38658|Unfixed; old bug
38699|Fixed maybe; old bug
38772|Nature of error is unclear, suspect that it results from using too large a type.
39248|Need more information
39394|Unfixed; old bug

2021-10-12 14:03:48 -06:00

1 Commits