Avoid reading past the end of buffer. Closes: #901351 [CVE-2018-10360]

debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch

@@ -0,0 +1,19 @@
+Subject: Avoid reading past the end of buffer (Rui Reis)
+ID: CVE-2018-10360
+Origin: FILE5_33-31-ga642587a
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Sat Jun 9 16:00:06 2018 +0000
+Bug-Debian: https://bugs.debian.org/901351
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -824,7 +824,8 @@
+ 
+ 				cname = (unsigned char *)
+ 				    &nbuf[doff + prpsoffsets(i)];
+-				for (cp = cname; *cp && isprint(*cp); cp++)
++				for (cp = cname; cp < nbuf + size && *cp
++				    && isprint(*cp); cp++)
+ 					continue;
+ 				/*
+ 				 * Linux apparently appends a space at the end

debian/patches/series

@@ -25,6 +25,7 @@ cherry-pick.FILE5_30-48-gaee11eef.fix-out-of-bounds-read-found-by-oss-fuzz.patch
 cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch
 cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch
 cherry-pick.FILE5_31-36-g35c94dc6.Fix-always-true-condition-Thomas-Jarosch.patch
+cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch
 
 # local modifications
 local.support-local-definitions-in-etc-magic.patch