summaryrefslogtreecommitdiff
blob: eb0b84414e88c3f81e653860671023636c674391 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
Source: https://git.savannah.gnu.org/cgit/pspp.git/commit/?id=0b842a84353790534a401e09a8d3bdd3d25bc3a6
Bug: https://bugs.gentoo.org/679392

From 0b842a84353790534a401e09a8d3bdd3d25bc3a6 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@cs.stanford.edu>
Date: Wed, 27 Feb 2019 20:11:06 -0800
Subject: sys-file-writer: Remove assertions based on file position.

These assertions can fail if the underlying file is not a regular file,
e.g. if it is a device such as /dev/null.

CVE-2019-9211.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1683499.
See also https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9211.
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923417.
---
 src/data/sys-file-writer.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/data/sys-file-writer.c b/src/data/sys-file-writer.c
index df5108e2a..bbe58aecd 100644
--- a/src/data/sys-file-writer.c
+++ b/src/data/sys-file-writer.c
@@ -953,7 +953,6 @@ write_long_string_value_labels (struct sfm_writer *w,
   const char *encoding = dict_get_encoding (dict);
   size_t n_vars = dict_get_var_cnt (dict);
   size_t size, i;
-  off_t start UNUSED;
 
   /* Figure out the size in advance. */
   size = 0;
@@ -985,7 +984,6 @@ write_long_string_value_labels (struct sfm_writer *w,
   write_int (w, 1);             /* Data item (byte) size. */
   write_int (w, size);          /* Number of data items. */
 
-  start = ftello (w->file);
   for (i = 0; i < n_vars; i++)
     {
       struct variable *var = dict_get_var (dict, i);
@@ -1022,7 +1020,6 @@ write_long_string_value_labels (struct sfm_writer *w,
           free (label);
         }
     }
-  assert (ftello (w->file) == start + size);
 }
 
 static void
@@ -1032,7 +1029,6 @@ write_long_string_missing_values (struct sfm_writer *w,
   const char *encoding = dict_get_encoding (dict);
   size_t n_vars = dict_get_var_cnt (dict);
   size_t size, i;
-  off_t start UNUSED;
 
   /* Figure out the size in advance. */
   size = 0;
@@ -1058,7 +1054,6 @@ write_long_string_missing_values (struct sfm_writer *w,
   write_int (w, 1);             /* Data item (byte) size. */
   write_int (w, size);          /* Number of data items. */
 
-  start = ftello (w->file);
   for (i = 0; i < n_vars; i++)
     {
       struct variable *var = dict_get_var (dict, i);
@@ -1087,7 +1082,6 @@ write_long_string_missing_values (struct sfm_writer *w,
           write_bytes (w, value_str (value, width), 8);
         }
     }
-  assert (ftello (w->file) == start + size);
 }
 
 static void
-- 
cgit v1.2.1