Avoid reading past the end of buffer. Closes: #901351 [CVE-2018-10360]

debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch

@@ -0,0 +1,19 @@
+Subject: Avoid reading past the end of buffer (Rui Reis)
+ID: CVE-2018-10360
+Origin: FILE5_33-31-ga642587a
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Date: Sat Jun 9 16:00:06 2018 +0000
+Bug-Debian: https://bugs.debian.org/901351
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -789,7 +789,8 @@
+ 
+ 				cname = (unsigned char *)
+ 				    &nbuf[doff + prpsoffsets(i)];
+-				for (cp = cname; *cp && isprint(*cp); cp++)
++				for (cp = cname; cp < nbuf + size && *cp
++				    && isprint(*cp); cp++)
+ 					continue;
+ 				/*
+ 				 * Linux apparently appends a space at the end

debian/patches/series

@@ -15,3 +15,4 @@ cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch
 CVE-2015-8865.6713ca4.patch
 cherry-pick.FILE5_24-31-g3aa35aa.dont-leak-memory-when-loading-non-compiled-files.patch
 cherry-pick.FILE5_28-42-g10ee4ec.pr-569-shi-yin-fix-memory-leak.patch
+cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch