Package: liblas / 1.8.1-10

0001-Ensure-stream-is-deallocated-in-case-of-exception-16.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
Description: Ensure stream is deallocated in case of exception
 Fixes CVE-2018-20540: memory leak at liblas::Open(liblas/liblas.hpp:127)
Author: Mateusz Loskot <mateusz@loskot.net>
Origin: https://github.com/libLAS/libLAS/commit/09d45518776489508f34098f1c159f58b856f459
Bug: https://github.com/libLAS/libLAS/issues/158

--- a/include/liblas/liblas.hpp
+++ b/include/liblas/liblas.hpp
@@ -119,16 +119,32 @@ inline std::istream* Open(std::string co
 {
 #ifdef USE_BOOST_IO
     namespace io = boost::iostreams;
-    io::stream<io::file_source>* ifs = new io::stream<io::file_source>();
-    ifs->open(filename.c_str(), mode);
-    if (ifs->is_open() == false) return NULL;
-    return ifs;
+    io::stream<io::file_source>* ifs = NULL;
+    try
+    {
+        ifs = new io::stream<io::file_source>();
+        ifs->open(filename.c_str(), mode);
+        if (ifs->is_open() == false) return NULL;
+        return ifs;
+    }
+    catch (...)
+    {
+        delete ifs;
+    }
 #else
-    std::ifstream* ifs = new std::ifstream();
-    ifs->open(filename.c_str(), mode);
-    if (ifs->is_open() == false) return NULL;
-    return ifs;
+    std::ifstream* ifs = NULL;
+    try
+    {
+        ifs = new std::ifstream();
+        ifs->open(filename.c_str(), mode);
+        if (ifs->is_open() == false) return NULL;
+    }
+    catch (...)
+    {
+        delete ifs;
+    }
 #endif
+    return NULL;
 }
 
 /// Create file and open to write in binary mode.