Subject: Avoid reading past the end of buffer (Rui Reis) ID: CVE-2018-10360 Origin: FILE5_33-31-ga642587a Upstream-Author: Christos Zoulas Date: Sat Jun 9 16:00:06 2018 +0000 Bug-Debian: https://bugs.debian.org/901351 --- a/src/readelf.c +++ b/src/readelf.c @@ -824,7 +824,8 @@ cname = (unsigned char *) &nbuf[doff + prpsoffsets(i)]; - for (cp = cname; *cp && isprint(*cp); cp++) + for (cp = cname; cp < nbuf + size && *cp + && isprint(*cp); cp++) continue; /* * Linux apparently appends a space at the end