From 0b842a84353790534a401e09a8d3bdd3d25bc3a6 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@cs.stanford.edu>
Date: Wed, 27 Feb 2019 20:11:06 -0800
Subject: [PATCH] sys-file-writer: Remove assertions based on file position.

These assertions can fail if the underlying file is not a regular file,
e.g. if it is a device such as /dev/null.

CVE-2019-9211.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1683499.
See also https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9211.
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923417.
---
 src/data/sys-file-writer.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/data/sys-file-writer.c b/src/data/sys-file-writer.c
index df5108e2a0..bbe58aecd6 100644
--- a/src/data/sys-file-writer.c
+++ b/src/data/sys-file-writer.c
@@ -953,7 +953,6 @@ write_long_string_value_labels (struct sfm_writer *w,
   const char *encoding = dict_get_encoding (dict);
   size_t n_vars = dict_get_var_cnt (dict);
   size_t size, i;
-  off_t start UNUSED;
 
   /* Figure out the size in advance. */
   size = 0;
@@ -985,7 +984,6 @@ write_long_string_value_labels (struct sfm_writer *w,
   write_int (w, 1);             /* Data item (byte) size. */
   write_int (w, size);          /* Number of data items. */
 
-  start = ftello (w->file);
   for (i = 0; i < n_vars; i++)
     {
       struct variable *var = dict_get_var (dict, i);
@@ -1022,7 +1020,6 @@ write_long_string_value_labels (struct sfm_writer *w,
           free (label);
         }
     }
-  assert (ftello (w->file) == start + size);
 }
 
 static void
@@ -1032,7 +1029,6 @@ write_long_string_missing_values (struct sfm_writer *w,
   const char *encoding = dict_get_encoding (dict);
   size_t n_vars = dict_get_var_cnt (dict);
   size_t size, i;
-  off_t start UNUSED;
 
   /* Figure out the size in advance. */
   size = 0;
@@ -1058,7 +1054,6 @@ write_long_string_missing_values (struct sfm_writer *w,
   write_int (w, 1);             /* Data item (byte) size. */
   write_int (w, size);          /* Number of data items. */
 
-  start = ftello (w->file);
   for (i = 0; i < n_vars; i++)
     {
       struct variable *var = dict_get_var (dict, i);
@@ -1087,7 +1082,6 @@ write_long_string_missing_values (struct sfm_writer *w,
           write_bytes (w, value_str (value, width), 8);
         }
     }
-  assert (ftello (w->file) == start + size);
 }
 
 static void
-- 
2.30.2