[fann] fix memory corruption in fann_error, #1047627
Tomas Smetana
tsmetana at fedoraproject.org
Wed Jan 8 10:59:13 UTC 2014
commit 5613193a911ec63ffff089fe6c451d9e728135a4
Author: Tomas Smetana <tsmetana at redhat.com>
Date: Wed Jan 8 11:59:07 2014 +0100
fix memory corruption in fann_error, #1047627
fann-memcorruption.patch | 91 ++++++++++++++++++++++++++++++++++++++++++++++
fann.spec | 8 ++++-
2 files changed, 98 insertions(+), 1 deletions(-)
---
diff --git a/fann-memcorruption.patch b/fann-memcorruption.patch
new file mode 100644
index 0000000..6931613
--- /dev/null
+++ b/fann-memcorruption.patch
@@ -0,0 +1,91 @@
+--- FANN-2.2.0-Source/src/fann_error.c.old 2014-01-01 09:20:54.068451736 +0100
++++ FANN-2.2.0-Source/src/fann_error.c 2014-01-01 09:33:30.184789643 +0100
+@@ -119,36 +119,36 @@
+ case FANN_E_NO_ERROR:
+ break;
+ case FANN_E_CANT_OPEN_CONFIG_R:
+- vsprintf(errstr, "Unable to open configuration file \"%s\" for reading.\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Unable to open configuration file \"%s\" for reading.\n", ap);
+ break;
+ case FANN_E_CANT_OPEN_CONFIG_W:
+- vsprintf(errstr, "Unable to open configuration file \"%s\" for writing.\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Unable to open configuration file \"%s\" for writing.\n", ap);
+ break;
+ case FANN_E_WRONG_CONFIG_VERSION:
+- vsprintf(errstr,
++ vsnprintf(errstr, FANN_ERRSTR_MAX,
+ "Wrong version of configuration file, aborting read of configuration file \"%s\".\n",
+ ap);
+ break;
+ case FANN_E_CANT_READ_CONFIG:
+- vsprintf(errstr, "Error reading \"%s\" from configuration file \"%s\".\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Error reading \"%s\" from configuration file \"%s\".\n", ap);
+ break;
+ case FANN_E_CANT_READ_NEURON:
+- vsprintf(errstr, "Error reading neuron info from configuration file \"%s\".\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Error reading neuron info from configuration file \"%s\".\n", ap);
+ break;
+ case FANN_E_CANT_READ_CONNECTIONS:
+- vsprintf(errstr, "Error reading connections from configuration file \"%s\".\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Error reading connections from configuration file \"%s\".\n", ap);
+ break;
+ case FANN_E_WRONG_NUM_CONNECTIONS:
+- vsprintf(errstr, "ERROR connections_so_far=%d, total_connections=%d\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "ERROR connections_so_far=%d, total_connections=%d\n", ap);
+ break;
+ case FANN_E_CANT_OPEN_TD_W:
+- vsprintf(errstr, "Unable to open train data file \"%s\" for writing.\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Unable to open train data file \"%s\" for writing.\n", ap);
+ break;
+ case FANN_E_CANT_OPEN_TD_R:
+- vsprintf(errstr, "Unable to open train data file \"%s\" for writing.\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Unable to open train data file \"%s\" for writing.\n", ap);
+ break;
+ case FANN_E_CANT_READ_TD:
+- vsprintf(errstr, "Error reading info from train data file \"%s\", line: %d.\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Error reading info from train data file \"%s\", line: %d.\n", ap);
+ break;
+ case FANN_E_CANT_ALLOCATE_MEM:
+ sprintf(errstr, "Unable to allocate memory.\n");
+@@ -166,25 +166,26 @@
+ sprintf(errstr, "Unable to use the selected training algorithm.\n");
+ break;
+ case FANN_E_TRAIN_DATA_SUBSET:
+- vsprintf(errstr, "Subset from %d of length %d not valid in training set of length %d.\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Subset from %d of length %d not valid in training set of length %d.\n", ap);
+ break;
+ case FANN_E_INDEX_OUT_OF_BOUND:
+- vsprintf(errstr, "Index %d is out of bound.\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "Index %d is out of bound.\n", ap);
+ break;
+ case FANN_E_SCALE_NOT_PRESENT:
+ sprintf(errstr, "Scaling parameters not present.\n");
+ break;
+ case FANN_E_INPUT_NO_MATCH:
+- vsprintf(errstr, "The number of input neurons in the ann (%d) and data (%d) don't match\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "The number of input neurons in the ann (%d) and data (%d) don't match\n", ap);
+ break;
+ case FANN_E_OUTPUT_NO_MATCH:
+- vsprintf(errstr, "The number of output neurons in the ann (%d) and data (%d) don't match\n", ap);
++ vsnprintf(errstr, FANN_ERRSTR_MAX, "The number of output neurons in the ann (%d) and data (%d) don't match\n", ap);
+ break;
+ }
+ va_end(ap);
+
+ if(errdat != NULL)
+ {
++ /* possible memory leak, previous errdat->errstr not freed */
+ errdat->errstr = errstr;
+ error_log = errdat->error_log;
+ }
+@@ -197,6 +198,10 @@
+ {
+ fprintf(error_log, "FANN Error %d: %s", errno_f, errstr);
+ }
++ if (errdat == NULL)
++ {
++ free(errstr);
++ }
+ }
+
+ /* INTERNAL FUNCTION
diff --git a/fann.spec b/fann.spec
index c61ecc1..2c6f0a1 100644
--- a/fann.spec
+++ b/fann.spec
@@ -1,7 +1,7 @@
Summary: A fast artificial neural network library
Name: fann
Version: 2.2.0
-Release: 4%{?dist}
+Release: 5%{?dist}
License: LGPLv2+
Group: Development/Libraries
URL: http://fann.sf.net/
@@ -9,6 +9,7 @@ Source: http://downloads.sourceforge.net/fann/fann/2.2.0/FANN-%{version}-Sou
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: cmake
Patch0: fann-2.2.0-pkgconfig.patch
+Patch1: fann-memcorruption.patch
%description
@@ -29,6 +30,8 @@ based on the FANN library.
%prep
%setup -q -n FANN-%{version}-Source
%patch0 -p1
+%patch1 -p1 -b .memcorruption
+
LIBS=-lm
export LIBS
@@ -74,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT
%{_includedir}/*.h
%changelog
+* Wed Jan 01 2014 Remi Collet <rcollet at redhat.com> - 2.2.0-5
+- fix memory corruption in fann_error, #1047627
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
More information about the scm-commits
mailing list