From 286233e28fb3ce8899a5a66edf7d95222aa087af Mon Sep 17 00:00:00 2001 From: Landon Curt Noll Date: Fri, 22 Oct 2021 03:05:12 -0700 Subject: [PATCH] Fixed internal code bugs Fixed a really obscure bug in the internal initconstants() function of const.c that has been sitting for over 31 years! We are amazed that nobody has encountered this bug before now. Nevertheless, our very extensive regression and multi-architecture testing found the bug. Now, after all those years, it is fixed. Fixed issues identied by the default CodeUL GitHub security code scan: Wrong type of arguments to printf in have_fpos_pos.c Multiplication result converted to larger type in zfunc.c --- CHANGES | 13 +++++++++++++ const.c | 5 ++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 5221a49..324665d 100644 --- a/CHANGES +++ b/CHANGES @@ -197,6 +197,19 @@ The following are the changes from calc version 2.14.0.0 to date: Fixed an old Windoz pun in README.WINDOWS as requested by . + Fixed a really obscure bug in the internal initconstants() + function of const.c that has been sitting for over 31 years! + + We are amazed that nobody has encountered this bug before + now. Nevertheless, our very extensive regression and + multi-architecture testing found the bug. Now, after all + those years, it is fixed. + + Fixed issues identied by the default CodeUL GitHub security code scan: + + Wrong type of arguments to printf in have_fpos_pos.c + Multiplication result converted to larger type in zfunc.c + The following are the changes from calc version 2.13.0.1 to 2.13.0.1: diff --git a/const.c b/const.c index 4db6772..704a3f0 100644 --- a/const.c +++ b/const.c @@ -49,7 +49,7 @@ initconstants(void) math_error("Unable to allocate constant table"); /*NOTREACHED*/ } - for (i = 0; consttable[i] != NULL; i++) { + for (i = 0; initnumbs[i] != NULL; i++) { consttable[i] = initnumbs[i]; } constcount = i-1; @@ -123,6 +123,9 @@ addqconstant(NUMBER *q) tp = consttable; for (index = 0; index < constcount; index++, tp++) { t = *tp; + if (t == NULL) { /* paranoia */ + break; + } if (t->links == 0) { if (!havefirst) { havefirst = TRUE;