mirror of
https://github.com/Unidata/netcdf-c.git
synced 2025-02-23 16:59:54 +08:00
b5d4afd1d5
## Examine and fix ezxml errors re: Issue https://github.com/Unidata/netcdf-c/issues/2119 Multiple security issues were found in ezxml (see above Issue). * CVE-2021-31598 * CVE-2021-31348 / CVE-2021-31347 * CVE-2021-31229 * CVE-2021-30485 * CVE-2021-26222 * CVE-2021-26221 * CVE-2021-26220 * CVE-2019-20202 * CVE-2019-20201 * CVE-2019-20200 * CVE-2019-20199 * CVE-2019-20198 * CVE-2019-20007 * CVE-2019-20006 * CVE-2019-20005 In addition, moved ezxml to libdispatch. ## Examine and fix selected oss-fuzz detected errors Note that most of these errors are in the libsrc .m4 generated code so fixing them is difficult. It would nice if we could tell oss-fuzz to skip those files. They are old and crufty and probably need a complete refactor. Issue|Status -----|------ 35382|Fixed; old bug 35398|Closed by OSS-Fuzz 35442|Guarantee alloc > 0 or error; Old bug 35721|Assert failure; ok 35992|Fixed; old bug 36038|Fixed; old bug 36129|Unfixed; old bug 36229|Fixed by adding assert; old bug 37476|Unfixed; old bug 37824|Assert Failure; ok 38300|Closed by OSS-Fuzz 38537|Unfixed; old bug 38658|Unfixed; old bug 38699|Fixed maybe; old bug 38772|Nature of error is unclear, suspect that it results from using too large a type. 39248|Need more information 39394|Unfixed; old bug |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| d4bytes.c | ||
| d4bytes.h | ||
| d4chunk.c | ||
| d4chunk.h | ||
| d4curlflags.c | ||
| d4curlfunctions.c | ||
| d4curlfunctions.h | ||
| d4cvt.c | ||
| d4data.c | ||
| d4debug.c | ||
| d4debug.h | ||
| d4dump.c | ||
| d4file.c | ||
| d4fix.c | ||
| d4http.c | ||
| d4http.h | ||
| d4includes.h | ||
| d4mem.c | ||
| d4meta.c | ||
| d4odom.c | ||
| d4odom.h | ||
| d4parser.c | ||
| d4printer.c | ||
| d4read.c | ||
| d4read.h | ||
| d4swap.c | ||
| d4util.c | ||
| d4util.h | ||
| d4varx.c | ||
| ezxml_extra.c | ||
| Makefile.am | ||
| ncd4.h | ||
| ncd4dispatch.c | ||
| ncd4dispatch.h | ||
| ncd4types.h | ||