Avoid reading past the end of buffer. Closes: #901351 [CVE-2018-10360]

debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch

@@ -0,0 +1,18 @@
+Subject: Avoid reading past the end of buffer (Rui Reis)
+Origin: FILE5_33-31-ga642587a
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Sat Jun 9 16:00:06 2018 +0000
+Bug-Debian: https://bugs.debian.org/901351
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -825,7 +825,8 @@
+ 
+ 				cname = (unsigned char *)
+ 				    &nbuf[doff + prpsoffsets(i)];
+-				for (cp = cname; *cp && isprint(*cp); cp++)
++				for (cp = cname; cp < nbuf + size && *cp
++				    && isprint(*cp); cp++)
+ 					continue;
+ 				/*
+ 				 * Linux apparently appends a space at the end

debian/patches/series

@@ -1,6 +1,7 @@
 # cherry-picked commits. Keep in upstream's chronological order
 cherry-pick.FILE5_33-2-g35c46552.fix-cast.patch
 cherry-pick.FILE5_33-3-g4a870863.bump-gif-to-beat-mbr-from-kamil-dudka.patch
+cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch
 
 # patches that should go upstream
 upstream.coff-amd64.patch