From 25ce17ca7b203091a01442881a13c8eaff189aee Mon Sep 17 00:00:00 2001
From: Marc-Philip
Date: Mon, 19 Jun 2017 13:41:50 +0200
Subject: [PATCH 1/5] avoid using invalid field
---
 src/generic/timectrlg.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/generic/timectrlg.cpp b/src/generic/timectrlg.cpp
index e474338db6..445446e511 100644
--- a/src/generic/timectrlg.cpp
+++ b/src/generic/timectrlg.cpp
@@ -446,6 +446,7 @@ private:
 case Field_Max:
 wxFAIL_MSG( "Invalid field" );
+ return;
 }
 UpdateText();
@@ -531,6 +532,7 @@ private:
 case Field_AMPM:
 case Field_Max:
 wxFAIL_MSG( "Invalid field" );
+ return;
 }
 if ( moveToNextField && m_currentField < Field_Sec )
From 3e9c24f57fb7e99cf6cc6d4f76417049177f6798 Mon Sep 17 00:00:00 2001
From: Marc-Philip
Date: Mon, 19 Jun 2017 13:21:29 +0200
Subject: [PATCH 2/5] add missing zero padding
---
 src/unix/dialup.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/unix/dialup.cpp b/src/unix/dialup.cpp
index 78b09aa9b8..14122eb2c1 100644
--- a/src/unix/dialup.cpp
+++ b/src/unix/dialup.cpp
@@ -559,6 +559,7 @@ wxDialUpManagerImpl::NetConnection wxDialUpManagerImpl::CheckConnect()
 serv_addr.sin_family = hp->h_addrtype;
 memcpy(&serv_addr.sin_addr,hp->h_addr, hp->h_length);
 serv_addr.sin_port = htons(m_BeaconPort);
+ memset(&serv_addr.sin_zero, 0, sizeof(serv_addr.sin_zero));
 int sockfd;
 if( ( sockfd = socket(hp->h_addrtype, SOCK_STREAM, 0)) < 0)
From 060c7e71571d1e35b621e14224be217ab95cf571 Mon Sep 17 00:00:00 2001
From: Marc-Philip
Date: Mon, 19 Jun 2017 13:09:36 +0200
Subject: [PATCH 3/5] fix illegal memory access
---
 src/common/wxcrt.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/common/wxcrt.cpp b/src/common/wxcrt.cpp
index 3071e58edc..8a1e427fa1 100644
--- a/src/common/wxcrt.cpp
+++ b/src/common/wxcrt.cpp
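Review bot: The added `return;` after `wxFAIL_MSG( "Invalid field" );` in the `Field_Max` case carries no comment saying why it is needed, and the same holds for the second hunk (`Field_AMPM`/`Field_Max`). wxFAIL_MSG() does not end the program, since the assert can be dismissed or compiled out, so without the return execution would go on to `UpdateText()` and to the `m_currentField < Field_Sec` test with a field value that is not valid. I would put `// wxFAIL_MSG() may return, don't continue with an invalid field` above each return. Both switch statements and their enclosing functions begin outside the hunks, so whether either has a `default:` label for values outside the enumerators cannot be seen here.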
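Review bot: Clearing only `sin_zero` in CheckConnect() still leaves every other member the code does not assign (padding, or `sin_len` on BSD-derived systems) with whatever was on the stack; a single `memset(&serv_addr, 0, sizeof(serv_addr));` placed before the field assignments covers all of them and makes the new line unnecessary. The `memcpy` two lines above the addition also copies `hp->h_length` bytes into `serv_addr.sin_addr` without comparing that length to `sizeof(serv_addr.sin_addr)`, so a resolver result that is not an IPv4 address would write past the field. A check of `hp->h_addrtype` and `hp->h_length` before the copy would close that. The declaration of `serv_addr` and the lookup that fills `hp` are outside the hunk.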
@@ -685,7 +685,8 @@ int wxVsnprintf(wchar_t *str, size_t size, const wxString& format, va_list argpt
 // VsnprintfTestCase reveals that glibc's implementation of vswprintf
 // doesn't nul terminate on truncation.
- str[size - 1] = 0;
+ if ( size )
+ str[size - 1] = 0;
 return rv;
 }
From d449b429e8ae3586f9defda53a69fba6bf5b8b38 Mon Sep 17 00:00:00 2001
From: Marc-Philip
Date: Mon, 19 Jun 2017 13:04:20 +0200
Subject: [PATCH 4/5] fix unitialized variable
---
 src/common/quantize.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/common/quantize.cpp b/src/common/quantize.cpp
index 9d2eca611f..accf73e1fe 100644
--- a/src/common/quantize.cpp
+++ b/src/common/quantize.cpp
@@ -1428,6 +1428,7 @@ void wxQuantize::DoQuantize(unsigned w, unsigned h, unsigned char **in_rows, uns
 j_decompress dec;
 my_cquantize_ptr cquantize;
+ dec.colormap = NULL;
 dec.output_width = w;
 dec.desired_number_of_colors = desiredNoColours;
 prepare_range_limit_table(&dec);
From 01215b8519c70e500cf43b2362cee6eb504b450f Mon Sep 17 00:00:00 2001
From: Marc-Philip
Date: Mon, 19 Jun 2017 13:02:26 +0200
Subject: [PATCH 5/5] fix possible overrun
---
 src/unix/utilsunx.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/unix/utilsunx.cpp b/src/unix/utilsunx.cpp
index efb3044325..6dd2e9927e 100644
--- a/src/unix/utilsunx.cpp
+++ b/src/unix/utilsunx.cpp
@@ -1209,7 +1209,12 @@ wxMemorySize wxGetFreeMemory()
 {
 unsigned long cached;
 if ( sscanf(buf, "Cached: %lu", &cached) == 1 )
- memFree += cached;
+ {
+ if ( cached > ULONG_MAX-memFree )
+ memFree = ULONG_MAX;
+ else
+ memFree += cached;
+ }
 }
 // values here are always expressed in kB and we want bytes
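Review bot: The new `if ( size )` guard in wxVsnprintf() is not explained by the comment above it, which speaks only of truncation, so a reader cannot tell that it exists because `size - 1` wraps around for an empty buffer and the store would land far outside `str`. I would add `// size may be 0, in which case there is no room for a terminator at all` and spell the test as `if ( size > 0 )`. The call that produces `rv` is outside the hunk, so whether it is reached with a zero `size` and how it treats `str` in that case is not visible here.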
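Review bot: Setting `dec.colormap = NULL;` in DoQuantize() initialises one more member by hand, but `j_decompress dec;` is still declared without an initialiser, so any member that is neither assigned in this block nor filled in by `prepare_range_limit_table(&dec)` stays indeterminate. If `j_decompress` is a plain C-style struct (its definition is not in the hunk), clearing it once right after the declaration, `memset(&dec, 0, sizeof(dec));`, removes the whole class of problem rather than this one instance. The `cquantize` pointer declared on the next line is likewise uninitialised at this point; presumably it is assigned further down, outside the hunk.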
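Review bot: Saturating `memFree` at `ULONG_MAX` in wxGetFreeMemory() only helps if nothing scales the value afterwards, and the trailing context comment says the figure is in kB and is about to be converted to bytes. If that conversion (outside the hunk) multiplies `memFree` by 1024 in the same type, the clamped value wraps anyway, so the limit to test against would be the kB ceiling, for example `const unsigned long maxKB = ULONG_MAX / 1024;`. The declaration of `memFree` is not visible, so its type and any earlier sentinel value should be checked against the `ULONG_MAX-memFree` subtraction. The patch also adds no include for `ULONG_MAX`; if `<limits.h>` is not already pulled in by this file it should be added explicitly.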