jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
void-packages/srcpkgs/antiword/patches/10_fix_buffer_overflow_wordole_c.patch
Duncaen e00c13e448 New package: antiword-0.37
2015-12-03 18:41:22 +01:00

19 lines
705 B
Diff
Raw Blame History

Description: Add check for buffer overflow with malformed input files
Author: <eriks@debian.org>
Bug-Debian: http://bugs.debian.org/407015
Last-Update: 2009-06-03
--- wordole.c 2005-08-26 21:49:57.000000000 +0200
+++ wordole.c 2009-06-03 22:31:15.948014682 +0200
@@ -259,6 +259,10 @@
}
tNameSize = (size_t)usGetWord(0x40, aucBytes);
tNameSize = (tNameSize + 1) / 2;
+ if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
+ werr(0, "Name Size of PPS %d is too large", iIndex);
+ tNameSize = sizeof(atPPSlist[iIndex].szName);
+ }
vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
if (atPPSlist[iIndex].ucType == 5) {
Reference in a new issue View git blame Copy permalink