Subject: Avoid OOB read (found by ASAN reported by F. Alonso) ID: CVE-2019-8906 Origin: FILE5_35-31-g2858eaf9 Upstream-Author: Christos Zoulas Date: Wed Jan 2 19:44:14 2019 +0000 Bug-Debian: https://bugs.debian.org/922969 --- a/src/readelf.c +++ b/src/readelf.c @@ -752,7 +752,7 @@ char sbuf[512]; struct NetBSD_elfcore_procinfo pi; memset(&pi, 0, sizeof(pi)); - memcpy(&pi, nbuf + doff, descsz); + memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi))); if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, " "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",