* libc/argz/envz_merge.c (envz_merge): Fix memory leak (Cygwin Coverity

Scan CID 60023).
	* libc/ctype/iswalpha.c (iswalpha): Add bounds check to avoid
	out-of-bounds read from utf8 tables (CID 59949).
	* libc/locale/ldpart.c (__part_load_locale): Add 1 byte to size of lbuf.
	Write NUL into the last byte to accommodate split_lines (CID 60047).

newlib/ChangeLog

@@ -1,3 +1,12 @@
+2014-06-23  Corinna Vinschen  <vinschen@redhat.com>
+
+	* libc/argz/envz_merge.c (envz_merge): Fix memory leak (Cygwin Coverity
+	Scan CID 60023).
+	* libc/ctype/iswalpha.c (iswalpha): Add bounds check to avoid
+	out-of-bounds read from utf8 tables (CID 59949).
+	* libc/locale/ldpart.c (__part_load_locale): Add 1 byte to size of lbuf.
+	Write NUL into the last byte to accommodate split_lines (CID 60047).
+
 2014-06-11  Richard Earnshaw  <rearnsha@arm.com>
 
 	* libc/machine/aarch64/strchrnul.S: New file.

newlib/libc/argz/envz_merge.c

@@ -55,6 +55,7 @@ _DEFUN (envz_merge, (envz, envz_len, envz2, envz2_len, override),
             }
 
           retval = envz_add(envz, envz_len, name_str, val_str);
+          free(name_str);
         }
     }
   return retval;

newlib/libc/ctype/iswalpha.c

@@ -415,7 +415,7 @@ _DEFUN(iswalpha,(c), wint_t c)
       /* otherwise c > *ptr */
       /* look for 0x0 as next element which indicates a range */
       ++ptr;
-      if (*ptr == 0x0)
+      if (ptr < table + size - 1 && *ptr == 0x0)
 	{
 	  /* we have a range..see if c falls within range */
 	  ++ptr;

newlib/libc/locale/ldpart.c

@@ -110,7 +110,7 @@ __part_load_locale(const char *name,
 		goto bad_locale;
 	if (st.st_size <= 0)
 		goto bad_locale;
-	bufsize = namesize + st.st_size;
+	bufsize = namesize + st.st_size + 1;
 	locale_buf = NULL;
 
         if (lbuf == NULL || lbuf == locale_buf_C)
@@ -137,6 +137,7 @@ __part_load_locale(const char *name,
 	/*
 	 * Parse the locale file into localebuf.
 	 */
+	p[st.st_size] = '\0';
 	if (plim[-1] != '\n')
 		goto bad_lbuf;
 	num_lines = split_lines(p, plim);