Diffstat (limited to 'debian/tests')
-rw-r--r--debian/tests/control7
-rwxr-xr-xdebian/tests/cve-2019-1446821
-rw-r--r--debian/tests/cve-2019-14468.cobbin0 -> 4045 bytes
-rw-r--r--debian/tests/cve-2019-14468.exp134
-rwxr-xr-xdebian/tests/cve-2019-1448621
-rw-r--r--debian/tests/cve-2019-14486.cob197
-rw-r--r--debian/tests/cve-2019-14486.exp66
-rwxr-xr-xdebian/tests/cve-2019-1452821
-rw-r--r--debian/tests/cve-2019-14528.cobbin0 -> 10432 bytes
-rw-r--r--debian/tests/cve-2019-14528.exp45
-rwxr-xr-xdebian/tests/cve-2019-1454121
-rw-r--r--debian/tests/cve-2019-14541.cobbin0 -> 10432 bytes
-rw-r--r--debian/tests/cve-2019-14541.exp46
-rwxr-xr-xdebian/tests/cve-2019-1639521
-rw-r--r--debian/tests/cve-2019-16395.cob248
-rw-r--r--debian/tests/cve-2019-16395.exp8
-rwxr-xr-xdebian/tests/cve-2019-1639621
-rw-r--r--debian/tests/cve-2019-16396.cobbin0 -> 3097 bytes
-rw-r--r--debian/tests/cve-2019-16396.exp32
-rwxr-xr-xdebian/tests/hello20
20 files changed, 929 insertions, 0 deletions
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..7c94e88
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,7 @@
+Tests: hello
+
+Tests: cve-2019-14468, cve-2019-14486, cve-2019-14528, cve-2019-14541
+Restrictions: allow-stderr
+
+Tests: cve-2019-16395, cve-2019-16396
+Restrictions: allow-stderr
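Review bot: `Restrictions: allow-stderr` looks unnecessary on both stanzas, because each script visible in this diff redirects `cobc`'s stderr into the `.act` file and prints its own messages and the `diff -u` output on stdout. Dropping it would let autopkgtest fail the test on any unexpected stderr output, such as a failed `cd debian/tests`, instead of ignoring it. The cve-2019-16395 and cve-2019-16396 scripts are not visible here, so confirm they capture stderr the same way before removing it from the second stanza.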
diff --git a/debian/tests/cve-2019-14468 b/debian/tests/cve-2019-14468
new file mode 100755
index 0000000..9aac072
--- /dev/null
+++ b/debian/tests/cve-2019-14468
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14468 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14468.cob > $AUTOPKGTEST_TMP/cve-2019-14468.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14468.exp $AUTOPKGTEST_TMP/cve-2019-14468.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-14468 produced proper results"
+else
+ echo "error: cve-2019-14468 did not produce proper results"
+ diff -u cve-2019-14468.exp $AUTOPKGTEST_TMP/cve-2019-14468.act
+fi
+
+exit $res
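Review bot: The exit status of `cobc` is discarded, so the result depends only on a byte-for-byte match of the diagnostics and cannot tell a controlled rejection from a crash that happens to print the same text. Capturing it with `rc=0; cobc cve-2019-14468.cob > "$AUTOPKGTEST_TMP/cve-2019-14468.act" 2>&1 || rc=$?` and failing when `rc` is above 128 (terminated by a signal) would check the repaired behaviour directly. `cd debian/tests` is unchecked and `$AUTOPKGTEST_TMP` is unquoted; `cd debian/tests || exit 1` and quoting the expansion keep a wrong working directory or a path containing spaces from producing a misleading result. The "info: running" message precedes a comparison rather than a run and would read better as `echo "info: comparing output"`. The same points apply to the otherwise identical scripts cve-2019-14486, cve-2019-14528 and cve-2019-14541 later in this diff.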
diff --git a/debian/tests/cve-2019-14468.cob b/debian/tests/cve-2019-14468.cob
new file mode 100644
index 0000000..f1cedc5
--- /dev/null
+++ b/debian/tests/cve-2019-14468.cob
Binary files differ
diff --git a/debian/tests/cve-2019-14468.exp b/debian/tests/cve-2019-14468.exp
new file mode 100644
index 0000000..40f3cd1
--- /dev/null
+++ b/debian/tests/cve-2019-14468.exp
@@ -0,0 +1,134 @@
+cve-2019-14468.cob:25: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14468.cob:43: warning: line not terminated by a newline
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-'
+cobc: too many errors
+
+cobc: aborting compile of cve-2019-14468.cob at line 26 (PROGRAM-ID: tutorial)
diff --git a/debian/tests/cve-2019-14486 b/debian/tests/cve-2019-14486
new file mode 100755
index 0000000..bebb569
--- /dev/null
+++ b/debian/tests/cve-2019-14486
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14486 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14486.cob > $AUTOPKGTEST_TMP/cve-2019-14486.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14486.exp $AUTOPKGTEST_TMP/cve-2019-14486.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-14486 produced proper results"
+else
+ echo "error: cve-2019-14486 did not produce proper results"
+ diff -u cve-2019-14486.exp $AUTOPKGTEST_TMP/cve-2019-14486.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14486.cob b/debian/tests/cve-2019-14486.cob
new file mode 100644
index 0000000..4ca0a9d
--- /dev/null
+++ b/debian/tests/cve-2019-14486.cob
@@ -0,0 +1,197 @@
+
+ *> This is in most part the tutorial code from
+ *> MicroFocus "external filPPPPPPPPPPPPPPPPPPPPPPPPPPPP *>
+ *> "Tutorial: Using the Callable File Handler"
+ *>
+ *> Left separate until possible integration into
+ *> main testsuite is clear...
+ *>
+ $SET SOURCEFORMAT "VARIABLE"
+ *
+ IDENTIFICATION DIVISION.
+ PROGRAM-ID. tutorial.
+ DATA DIVISION.
+ WORKING-STORAGE SECTION.
+ 01 opcode pic x(2).
+ 78 OP-QUERY-FILE value x"0006".
+ 78 OP-OPEN-INPUT value x"fa00".
+ 78 OP-OPEN-OUTPUT value x"fa01".
+ 78 OP-OPEN-I-O value x"fa02".
+ 78 OP-WRITE value x"faf3".
+ 78 OP-RELEASE value x"faf3".
+ 78 OP-REWRITE value x"faf4".
+ 78 OP-READ-NEXT value x"faf5".
+ 78 OP-START-EQUAL value x"fae9".
+ 78 OP-CLOSE value x"fa80".
+
+
+ 01 FCD.
+ copy 'xfhfcd3.cpy'.
+
+
+ 01 ex-filename pic x(260) value "idxfile.dat".
+ 01 ex-index-name pic x(100). *> not used in different formats
+
+
+ 01 ex-keydef.
+ 47 key2length pic 9(4) comp-x.
+ 0 47 key-version pic 9(2) comp-x value 2.
+ 47 filler pic 9(6) comp-x. *> reserved
+ 47 key-count pic 9(4) comp-x.
+ 47 filler pic 9(13) comp-x. *> reserved
+
+ * key-specification is repeated for the number of keys defined by
+ * key-count
+ 47 key-specification.
+  49 component-count pic 9(4) comp-x.
+ * The offset for the component-specification for this key
+ 49 component-defs pic 9(4) comp-x.
+ 49 key-flags pic 9(2) comp-x.
+ 78 KEY2KEYFLAG-DUPS-IN-ORDER value h"40".
+ 78 KEY2KEYFLAG-PRIME value h"10".
+ 78 KEY2KEYFLAG-SPARSE-KEY value h"02".
+ 49 key-compression pic 9(2) comp-x.
+ 78 KEY2COMPRESS-TRAILING-NULLS value h"08".
+ 78 KEY2COMPRESS-TRAILING-SPACES value h"04".
+ 78 KEY2COMPRESS-IDENTICAL-CHARS value h"02".
+ 78 KEY2COMPRESS-FOLLOWING-DUP value h"0247763657621391446 78 KEY2COMPRESS-NO-COMPRESSION value h"00".
+ 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION.
+ 49 sparse-characters pic x(2).
+ 49 filler pic x(8). *> reserved
+
+
+ * component-specifications for all keys follows after the key-specifications * for all the keys.
+ 47 component-specification.
+ 49 component-flags pic 9(2) comp-x.
+ 49 component-type pic 9(2) comp-x.
+ m 78 KEY2PARTTYP-NUMERIC value h"80".
+ 78 KEY2PARTTYP-SIGNED value h"40".
+ 78 KEY2PARTTYP-COMP value h"20".
+ 78 KEY2PARTTYP-COMP-3 value h"21".
+ 78 KEY2PARTTYP-COMP-X value h"22".
+ f 78 KEY2PARTTYP-COMP-5 value h"23".
+ 78 KEY2PARTTYP-FLOAT value h"24".
+ 78 KEY2PARTTYP-COMP-6 value h"25".
+ 78 KEY2PARTTYP-DISPLAY value h"00".
+ 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h"00".
+ 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h"01".
+ 78 KEY2PARTTYP-SIGN-LEAD-INCL value h"02".
+ 78 KEY2PARTTYP-SIGN-LEAD-SEP value h"03".
+ 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h"04".
+ 49 component-offret pic 9(9) comp-x.
+ 49 component-length pic 9(9) comp-x.
+
+
+ * storage or record
+ 01 ex-record.
+ 03 record-key pic 9(5).
+ 03 record-data pic x(95).
+
+ PR 78 KEY2KEYFLAG-PRIME value h"10".
+ 78 KEY2KEYFLAG-SPARSE-KEY value h"02".
+ 49 key-compression pic 9(2) comp-x.
+ 78 KEY2COMPRESS-TRAILING-NULLS value h"08".
+ 78 KEY2COMPRESS-TRAILING-SPACES value h"04".
+ 78 KEY2COMPRESS-IDENTICAL-CHARS value h"02".
+ 78 KEY2COMPRESS-FOLLOWING-DUP value h"0247763657621391446 78 KEY2COMPRESS-NO-COMPRESSION value h"00".
+ 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION.
+ 49 sparse-characters pic x(2).
+ 49 filler pic x(8). *> reserved
+
+
+ * component-specifications for all keys follows after the key-specifications * for all the keys.
+ 47 component-specification.
+ 49 component-flags pic 9(2) comp-x.
+ 49 component-type pic 9(2) comp-x.
+ 78 KEY2PARTTYP-NUMERIC value h"80".
+ 78 KEY2PARTTYP-SIGNED value h"40".
+ 78 KEY2PARTTYP-COMP value h"20".
+ 78 KEY2PARTTYP-COMP-3 value h"21".
+ 78 KEY2PARTTYP-COMP-X value h"22".
+ f 78 KEY2PARTTYP-COMP-5 value h"23".
+ 78 KEY2PARTTYP-F>AT value h"24".
+ 78 KEY2PARTTYP-COMP-6 value h"25".
+ 78 KEY2PARTTYP-DISPLAY value h"00".
+ 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h"00".
+ 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h"01".
+ 78 KEY2PARTTYP-SIGN-LEAD-INCL value h"02".
+ 78 KEY2PARTTYP-SIGN-LEAD-SEP value h"03".
+ 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h"04".
+ 49 component-offret pic 9(9) comp-x.
+ 49 component-length pic 9(9) comp-x.
+
+
+ * storage or record
+ 01 ex-record.
+ 03 record-key pic 9(5).
+ 03 record-data pic x(95).
+
+ PROCEDURE DIVISION.
+
+ *>
+ *> invoke part I
+ *>
+
+ *> Create an indexed file
+ *> open output an indexed file call "idxfile.dat"
+ display "Create new4095391983033575536 perform set-fcd
+ move OP-OPEN-OUTPUT to opcode
+ perform call-file-handler
+ perform display-file-status.
+
+ *> Write 5 records increasing record length by 1 each time
+ move all "A" to record-data
+ move 0 to record-key
+ move 5 to fcd-current-rec-len
+ move OP-WRITE to opcode
+ perform 5 times
+ add 1 to record-key
+ add 1 to fcd-current-rec-len
+ perform call-file-handler
+ end-perform.
+
+ *> Now close the file
+ move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-address to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org to fcd-organization
+ move fcd--version-number to fcd-version
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ set fcd-record-address to address to address of ex-record
+ move OP-QUERY-FILE to opcode
+ accept omitted
+ perform call-file-handler
+ perform display-file-status
+ display "file open, ready to read"
+ perform
+ perform rewrite-first-record.
+
+ *> Now read all the records again
+ perform read-all-records
+
+
+ goback.
+
+ *>
+ *> Part I starts here
+ *>
+
+ set-fcd section.
+ *> Initially sets up FCD for OPEN op
+ move low-values to fcd
+ move length of fcd to fcd-length
+ move fcd--version-nu ber to fcd-version
+ move fcd--indexed-org to fcd-organization
+ move fcd--dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
diff --git a/debian/tests/cve-2019-14486.exp b/debian/tests/cve-2019-14486.exp
new file mode 100644
index 0000000..8fe94b6
--- /dev/null
+++ b/debian/tests/cve-2019-14486.exp
@@ -0,0 +1,66 @@
+cve-2019-14486.cob:58: error: continuation character expected
+cve-2019-14486.cob:97: error: continuation character expected
+cve-2019-14486.cob:138: error: continuation character expected
+cve-2019-14486.cob:197: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14486.cob:57: error: invalid hexadecimal literal: '0247763657621391446 78 KEY2COMP...'
+cve-2019-14486.cob:57: error: literal length 67 exceeds 16 characters
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION.
+ 49 sparse-characters pic x(2).
+ 49 filler pic x(8).
+
+
+
+ 47 component-specification.
+ 49 component-flags pic 9(2) comp-x.
+ 49 component-type pic 9(2) comp-x.
+ 78 KEY2PARTTYP-NUMERIC value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGNED value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-COMP value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-COMP-3 value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-COMP-X value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ f 78 KEY2PARTTYP-COMP-5 value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-FLOAT value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-COMP-6 value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-DISPLAY value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-LEAD-INCL value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-LEAD-SEP value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 49 component-offret pic 9(9) comp-x.
+ 49 component-length pic 9(9) comp-x.
+
+
+
+ 01 ex-record.
+ 03 record-key pic 9(5).
+ 03 record-data pic x(95).
+
+ PR 78 KEY2KEYFLAG-PRIME value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2KEYFLAG-SPARSE-KEY value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 49 key-compression pic 9(2) comp-x.
+ 78 KEY2COMPRESS-TRAILING-NULLS value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2COMPRESS-TRAILING-SPACES value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2COMPRESS-IDENTICAL-CHARS value h' in expression
+cve-2019-14486.cob:57: error: invalid operator '.
+ 78 KEY2COMPRESS-FOLLOWING-DUP value h' in expression
+cve-2019-14486.cob:57: error: syntax error, unexpected Identifier, expecting .
diff --git a/debian/tests/cve-2019-14528 b/debian/tests/cve-2019-14528
new file mode 100755
index 0000000..975e4af
--- /dev/null
+++ b/debian/tests/cve-2019-14528
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14528 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14528.cob > $AUTOPKGTEST_TMP/cve-2019-14528.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14528.exp $AUTOPKGTEST_TMP/cve-2019-14528.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-14528 produced proper results"
+else
+ echo "error: cve-2019-14528 did not produce proper results"
+ diff -u cve-2019-14528.exp $AUTOPKGTEST_TMP/cve-2019-14528.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14528.cob b/debian/tests/cve-2019-14528.cob
new file mode 100644
index 0000000..5501680
--- /dev/null
+++ b/debian/tests/cve-2019-14528.cob
Binary files differ
diff --git a/debian/tests/cve-2019-14528.exp b/debian/tests/cve-2019-14528.exp
new file mode 100644
index 0000000..c07e0ba
--- /dev/null
+++ b/debian/tests/cve-2019-14528.exp
@@ -0,0 +1,45 @@
+cve-2019-14528.cob:3: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4: error: invalid indicator 'I' at column 7
+cve-2019-14528.cob:6: error: invalid indicator '1' at column 7
+cve-2019-14528.cob:7: error: invalid indicator 'I' at column 7
+cve-2019-14528.cob:9: error: invalid indicator '' at column 7
+cve-2019-14528.cob:10: error: invalid indicator 'I' at column 7
+cve-2019-14528.cob:12: error: invalid indicator '+' at column 7
+cve-2019-14528.cob:15: error: invalid SOURCEFORMAT directive option 'VAal fileT SOURCEFORMAT '
+cve-2019-14528.cob:19: error: invalid indicator '3' at column 7
+cve-2019-14528.cob:25: error: invalid indicator '3' at column 7
+cve-2019-14528.cob:2876: error: invalid indicator '5' at column 7
+cve-2019-14528.cob:3330: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14528.cob:3330: error: invalid indicator '' at column 7
+cve-2019-14528.cob:3331: error: invalid indicator 'h' at column 7
+cve-2019-14528.cob:3332: error: invalid indicator '' at column 7
+cve-2019-14528.cob:3333: error: invalid indicator '^' at column 7
+cve-2019-14528.cob:3334: error: invalid indicator '' at column 7
+cve-2019-14528.cob:3335: error: invalid indicator '' at column 7
+cve-2019-14528.cob:3336: error: invalid indicator '=' at column 7
+cve-2019-14528.cob:3337: error: invalid indicator 'c' at column 7
+cve-2019-14528.cob:3338: error: invalid indicator '' at column 7
+cve-2019-14528.cob:3339: error: invalid indicator '0' at column 7
+cve-2019-14528.cob:3341: error: invalid indicator '
+cve-2019-14528.cob:3342: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14528.cob:3342: error: invalid indicator '<' at column 7
+cve-2019-14528.cob:3343: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4004: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4005: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14528.cob:4005: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4007: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4008: error: invalid indicator 'c' at column 7
+cve-2019-14528.cob:4009: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4010: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4011: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4012: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4013: error: invalid indicator '9' at column 7
+cve-2019-14528.cob:4014: error: invalid indicator '' at column 7
+cve-2019-14528.cob:4015: warning: line not terminated by a newline
+cve-2019-14528.cob:4015: error: invalid indicator '' at column 7
+cve-2019-14528.cob:15: error: PROCEDURE DIVISION header missing
+cve-2019-14528.cob:15: error: invalid PROGRAM-ID '#OPTION VARIABLE
+
+
+ IDENTIFICATI...' - length exceeds maximum
+cve-2019-14528.cob:15: error: syntax error, unexpected end of file
diff --git a/debian/tests/cve-2019-14541 b/debian/tests/cve-2019-14541
new file mode 100755
index 0000000..77f56fd
--- /dev/null
+++ b/debian/tests/cve-2019-14541
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14541 is fixed
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14541.cob > $AUTOPKGTEST_TMP/cve-2019-14541.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14541.exp $AUTOPKGTEST_TMP/cve-2019-14541.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-14541 produced proper results"
+else
+ echo "error: cve-2019-14541 did not produce proper results"
+ diff -u cve-2019-14541.exp $AUTOPKGTEST_TMP/cve-2019-14541.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14541.cob b/debian/tests/cve-2019-14541.cob
new file mode 100644
index 0000000..4fbad21
--- /dev/null
+++ b/debian/tests/cve-2019-14541.cob
Binary files differ
diff --git a/debian/tests/cve-2019-14541.exp b/debian/tests/cve-2019-14541.exp
new file mode 100644
index 0000000..547416c
--- /dev/null
+++ b/debian/tests/cve-2019-14541.exp
@@ -0,0 +1,46 @@
+cve-2019-14541.cob:3: error: invalid indicator '' at column 7
+cve-2019-14541.cob:4: error: invalid indicator 'I' at column 7
+cve-2019-14541.cob:6: error: invalid indicator '' at column 7
+cve-2019-14541.cob:7: error: invalid indicator 'I' at column 7
+cve-2019-14541.cob:9: error: invalid indicator '' at column 7
+cve-2019-14541.cob:10: error: invalid indicator 'I' at column 7
+cve-2019-14541.cob:12: error: invalid indicator '+' at column 7
+cve-2019-14541.cob:15: error: invalid SOURCEFORMAT directive option 'VAal fileT SOURCEFORMAT '
+cve-2019-14541.cob:19: error: invalid indicator '3' at column 7
+cve-2019-14541.cob:22: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:26: error: invalid indicator '6' at column 7
+cve-2019-14541.cob:27: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:32: error: invalid indicator '3' at column 7
+cve-2019-14541.cob:34: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:37: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:39: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14541.cob:39: error: invalid indicator ',' at column 7
+cve-2019-14541.cob:40: error: invalid indicator '' at column 7
+cve-2019-14541.cob:41: error: invalid indicator '' at column 7
+cve-2019-14541.cob:43: error: invalid indicator '' at column 7
+cve-2019-14541.cob:44: error: invalid indicator '' at column 7
+cve-2019-14541.cob:45: error: invalid indicator '' at column 7
+cve-2019-14541.cob:46: error: invalid indicator '' at column 7
+cve-2019-14541.cob:47: error: invalid indicator '' at column 7
+cve-2019-14541.cob:2489: error: invalid indicator 'T' at column 7
+cve-2019-14541.cob:2491: error: continuation character expected
+cve-2019-14541.cob:2493: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:2498: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:2502: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:2506: error: invalid indicator '3' at column 7
+cve-2019-14541.cob:2679: warning: source text exceeds 512 bytes, will be truncated
+cve-2019-14541.cob:2679: error: invalid indicator '' at column 7
+cve-2019-14541.cob:3025: error: invalid indicator 'T' at column 7
+cve-2019-14541.cob:3029: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:3034: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:3038: error: invalid indicator 'O' at column 7
+cve-2019-14541.cob:3042: error: invalid indicator '3' at column 7
+cve-2019-14541.cob:3047: error: invalid indicator '!' at column 7
+cve-2019-14541.cob:3048: warning: line not terminated by a newline
+cve-2019-14541.cob:3048: error: invalid indicator '=' at column 7
+cve-2019-14541.cob:15: error: PROCEDURE DIVISION header missing
+cve-2019-14541.cob:15: error: invalid PROGRAM-ID '#OPTION VARIABLE
+
+
+ IDENTIFICATI...' - length exceeds maximum
+cve-2019-14541.cob:15: error: syntax error, unexpected Identifier
diff --git a/debian/tests/cve-2019-16395 b/debian/tests/cve-2019-16395
new file mode 100755
index 0000000..639b52e
--- /dev/null
+++ b/debian/tests/cve-2019-16395
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-16395 is fixed
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-16395.cob > $AUTOPKGTEST_TMP/cve-2019-16395.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-16395.exp $AUTOPKGTEST_TMP/cve-2019-16395.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-16395 produced proper results"
+else
+ echo "error: cve-2019-16395 did not produce proper results"
+ diff -u cve-2019-16395.exp $AUTOPKGTEST_TMP/cve-2019-16395.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-16395.cob b/debian/tests/cve-2019-16395.cob
new file mode 100644
index 0000000..924383a
--- /dev/null
+++ b/debian/tests/cve-2019-16395.cob
@@ -0,0 +1,248 @@
+
+ *> This is in most part the tutorial code from
+ *> MicroFocus "external file handler" documentation.
+ *>
+ *> "Tutorial: Using the Callable File Handler"
+ *>
+ *> Left separate until possible integration into
+ *> main testsuite is clear...
+ *>
+ $SET SOURCEFORMAT "VARIABLE"
+ *
+ IDENTIFICATION DIVISION.
+ PROGRAM-ID. tutorial.
+ DATA DIVISION.
+ WORKING-STORAGE SECTION.
+ 01 opcode pic x(2).
+ 78 OP-QUERY-FILE value x"0006".
+ 78 OP-OPEN-INPUT value x"fa00".
+ 78 OP-OPEN-OUTPUT value x"fa01".
+ 78 OP-OPEN-I-O value x"fa02".
+ 78 OP-WRITE value x"faf3".
+ 78 OP-RELEASE value x"faf3".
+ 78 OP-REWRITE value x"faf4".
+ 78 OP-READ-NEXT value x"faf5".
+ 78 OP-START-EQUAL value x"fae9".
+ 78 OP-CLOSE value x"fa80".
+
+
+ 01 FCD.
+ copy 'xfhfcd3.cpy'.
+
+
+ 01 ex-filename pic x(260) value "idxfile.dat".
+ 01 ex-index-name pic x(100). *> not used in different formats
+
+
+ 01 ex-keydef.
+ 47 key2length pic 9(4) comp-x.
+ 47 key-version pic 9(2) comp-x value 2.
+ 47 filler pic 9(6) comp-x. *> reserved
+ 47 key-count pic 9(4) comp-x.
+ 47 filler pic 9(13) comp-n. *> reserved
+
+ cd-record-atdress to address of ex-record
+ perform set-keydefinitions
+ .
+
+ set-keydefinitions section.
+ move low-values to ex-keydef
+ 'vove length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #q move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-address to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org to fcd-organization
+ move fcd--version-number to fcd-version
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ set fcd-record.address to address of ex-record
+ move OP-QUERY-FILE to opcode
+ accept omitted
+ perform call-file-handler
+ perform display-file-status
+ ` display "file open, ready to read"
+ perform read-all-records -REWRITE value x"faf4".
+ 78 OP-READ-NEXT value x"faf5".
+ 78 OP-START-EQUAL value x"fae9".
+ 78 OP-CLOSE value x"fa80".
+
+
+ 01 FCD.
+ copy 'xfhfcd3.cpy'.
+
+
+ 01 ex-filename pic x(260) value "idxfile.dat".
+ 01 ex-index-name pic x(100). *> not used in different formats
+
+
+ 01 ex-keydef.
+ 47 key2length pic 9(4) comp-x.
+ 47 key-version pic 9(2) comp-x value 2.
+ 47 filler pic 9(6) comp-x. *> reserved
+ 47 key-count pic 9(4) comp-x.
+ 47 filler pic 9(13) comp-n. *> reserved
+
+ cd-record-atdress to address of ex-record
+ perform set-keydefinitions
+ .
+
+ set-keydefinitions section.
+ move low-values to ex-keydef
+ move length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #q move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-address to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org to fcd-organization
+ move fcd--version-number to fcd-version
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ set fcd-record-address to address of ex-record
+ move OP-QUERY-FILE to opcode
+ accept omitted
+ perform call-file-handler
+ perform display-file-status
+ display "file open, ready to read"
+ perform read-all-records -REWRITE value x"faf4".
+ 78 OP-READ-NEXT value x"faf5".
+ 78 OP-START-EQUAL value x"fae9".
+ 78 OP-CLOSE value x"fa80".
+
+
+ 01 FCD.
+ copy 'xfhfcd3.cpy'.
+
+
+ 01 ex-filename pic x(260) value "idxfile.dat".
+ 01 ex-index-name pic x(100). *> not used in different formats
+
+
+ 01 ex-keydef.
+ 47 key2length pic 9(4) comp-x.
+ 47 key-version pic 9(2) comp-x value 2.
+ 47 filler pic 9(6) comp-x. *> reserved
+ 47 key-count pic 9(4) comp-x.
+ 47 filler pic 9(13) comp-n. *> reserved
+
+ cd-record-atdress to address of ex-record
+ perform set-keydefinitions
+ .
+
+ set-keydefinitions section.
+ move low-values to ex-keydef
+ move length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #q move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-addrfss to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org to fcd-organization
+ move fcd--version-number to fcd-version
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ set fcd-record-address to address of ex-record
+ move OP-QUERY-FILE to opcode
+ accept omitted
+ perform call-file-handler
+ perform display-file-status
+ display "file open, ready to read"
+ perform read-all-records
+ perform rewrite-first-record.
+
+ *> Now read all the records again
+ perform read-all-records
+
+
+ goback.
+
+ *>
+ *> Part I starts here
+ *>
+
+ set-fcdectiof.
+ *> Initially sets up FCD for OPEN op
+ move low-values to fcd
+ move length of fcd to fcd-length
+ move fcd--version-number to fcd-version
+ move fcd--indexed-org to fcd-organization
+ move fcd--dynamic-access to fcd-acce+Ymode
+ move fcd--open-closed to fcd-open-mode *> When opening a file this should be set to fcd--open-closed
+ move fcd--recmode-variable to fcd-recording-mode
+ move fcd--formt-big to fcd-file-format
+ move fcd--auto-lock-bit to fcd-lock-mode
+ move 12 to fcd-name-length
+ set fcd-filename-address to address of ex-filename
+ set fcd-idxname-address to address of ex-index-name
+ set fcd-key-def-address to address of ex-keydef
+ moength
+ set fcd-record-address to address of ex-record
+ perform set-keydefinitions
+ .
+
+ setjeydefinitions section.
+ move low-values to ex-keydef
+ move length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #qkey-def-address to ad
+ress of ex-keydef
+ moength
+ set fcd-record-atdress to address of ex-record
+ perform set-keydefinitions
+ .
+
+ set-keydefinitions section.
+ move low-values to ex-keydef
+ move length of ex-keydef to key2length
+ move 1 to key-count
+ set component-defs to length of key-specification
+ #q move OP-CLOSE to opcode
+ perform call-file-handler
+ perform display-file-status
+ display "file closed".
+
+ *>
+ *> invoke part II
+ *>
+
+ *> Query the file to retrieve file information
+ move low-values to fcd
+ set fcd-filename-address to address of ex-filename
+ move 80 to fcd-name-length
+ move fcd--determine-org
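Review bot: Nothing tells a maintainer that this fixture must stay byte-exact, and its only header comment still describes it as tutorial code. The stray characters (`'vove`, `#q`, the truncated `moength`) suggest a deliberately mutated reproducer, and cve-2019-16395.exp pins diagnostics to specific line numbers (45, 49, 50, 51, 224). Any editor cleanup, whitespace normalisation or line-ending conversion would therefore silently change what the test exercises. A comment inside the fixture would shift those line numbers, so I would put it in the wrapper script debian/tests/cve-2019-16395 instead: `# cve-2019-16395.cob is a byte-exact reproducer; the .exp line numbers depend on it - do not reformat`.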
diff --git a/debian/tests/cve-2019-16395.exp b/debian/tests/cve-2019-16395.exp
new file mode 100644
index 0000000..4fbab0e
--- /dev/null
+++ b/debian/tests/cve-2019-16395.exp
@@ -0,0 +1,8 @@
+cve-2019-16395.cob:51: error: continuation character expected
+cve-2019-16395.cob:224: error: invalid indicator 'f' at column 7
+cve-2019-16395.cob:45: error: PROCEDURE DIVISION header missing
+cve-2019-16395.cob: in section 'set-keydefinitions':
+cve-2019-16395.cob:50: error: invalid literal: 'vove length of ex-keydef to key2len...'
+cve-2019-16395.cob:50: error: literal length exceeds 8191 characters
+cve-2019-16395.cob:49: error: invalid MOVE target: literal 'vove length of ex-keydef to key2len...'
+cve-2019-16395.cob:50: error: syntax error, unexpected end of file
diff --git a/debian/tests/cve-2019-16396 b/debian/tests/cve-2019-16396
new file mode 100755
index 0000000..9b30942
--- /dev/null
+++ b/debian/tests/cve-2019-16396
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-16396 is fixed
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-16396.cob > $AUTOPKGTEST_TMP/cve-2019-16396.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-16396.exp $AUTOPKGTEST_TMP/cve-2019-16396.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-16396 produced proper results"
+else
+ echo "error: cve-2019-16396 did not produce proper results"
+ diff -u cve-2019-16396.exp $AUTOPKGTEST_TMP/cve-2019-16396.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-16396.cob b/debian/tests/cve-2019-16396.cob
new file mode 100644
index 0000000..46b50b5
--- /dev/null
+++ b/debian/tests/cve-2019-16396.cob
Binary files differ
diff --git a/debian/tests/cve-2019-16396.exp b/debian/tests/cve-2019-16396.exp
new file mode 100644
index 0000000..80107b8
--- /dev/null
+++ b/debian/tests/cve-2019-16396.exp
@@ -0,0 +1,32 @@
+cve-2019-16396.cob:64: error: invalid indicator '' at column 7
+cve-2019-16396.cob:65: error: invalid indicator '' at column 7
+cve-2019-16396.cob:68: error: invalid indicator '' at column 7
+cve-2019-16396.cob:69: warning: line not terminated by a newline
+cve-2019-16396.cob:69: error: invalid indicator '' at column 7
+cve-2019-16396.cob:10: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:18: error: ENVIRONMENT DIVISION header missing
+cve-2019-16396.cob:18: error: CONFIGURATION SECTION header missing
+cve-2019-16396.cob:18: error: SPECIAL-NAMES header missing
+cve-2019-16396.cob:18: error: invalid system-name 'testsuite'
+cve-2019-16396.cob:18: warning: ignoring redundant .
+cve-2019-16396.cob:22: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:23: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:23: error: redefinition of program ID 'tussssssssssssssssssssssssssssss...'
+cve-2019-16396.cob:31: error: ENVIRONMENT DIVISION header missing
+cve-2019-16396.cob:31: error: CONFIGURATION SECTION header missing
+cve-2019-16396.cob:31: error: SPECIAL-NAMES header missing
+cve-2019-16396.cob:31: error: SPECIAL-NAMES not allowed in nested programs
+cve-2019-16396.cob:31: warning: ignoring redundant .
+cve-2019-16396.cob:35: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:36: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:36: error: redefinition of program ID 'tussssssssssssssssssssssssssssss...'
+cve-2019-16396.cob:45: error: ENVIRONMENT DIVISION header missing
+cve-2019-16396.cob:45: error: CONFIGURATION SECTION header missing
+cve-2019-16396.cob:45: error: SPECIAL-NAMES header missing
+cve-2019-16396.cob:45: error: SPECIAL-NAMES not allowed in nested programs
+cve-2019-16396.cob:45: error: syntax error, unexpected DIVISION, expecting CRT or Identifier
+cve-2019-16396.cob:46: error: word length exceeds maximum of 63 characters: '0usssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssrssssssssssssssssion'
+cve-2019-16396.cob:46: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:46: error: invalid PROGRAM-ID '0usssssssssssssssssssssssssssss...' - length exceeds maximum
+cve-2019-16396.cob:55: error: PROCEDURE DIVISION header missing
+cve-2019-16396.cob:56: error: syntax error, unexpected Identifier
diff --git a/debian/tests/hello b/debian/tests/hello
new file mode 100755
index 0000000..15c3985
--- /dev/null
+++ b/debian/tests/hello
@@ -0,0 +1,20 @@
+#!/bin/sh
+cd $AUTOPKGTEST_TMP
+cat > HELLO.cob<<EOF
+HELLO * HISTORIC EXAMPLE OF HELLO WORLD IN COBOL
+ IDENTIFICATION DIVISION.
+ PROGRAM-ID. HELLO.
+ PROCEDURE DIVISION.
+ DISPLAY "HELLO, WORLD".
+ STOP RUN.
+EOF
+set -e
+echo "info: compiling"
+cobc HELLO.cob
+
+echo "info: running"
+if cobcrun HELLO | grep WORLD ; then
+ echo "success: Able to run hello world program"
+else
+ echo "success: Unable to run hello world program"
+fi
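Review bot: The `else` branch prints `success: Unable to run hello world program` and the script then ends with the status of that `echo`, so a broken `cobcrun` can never fail this test. The branch should read `echo "error: Unable to run hello world program"` followed by `exit 1`. Separately, `cd $AUTOPKGTEST_TMP` runs unquoted and before `set -e`, so a failed or empty `cd` would write HELLO.cob into whatever directory the script started in. Moving `set -e` to the top and using `cd "$AUTOPKGTEST_TMP"` closes that.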