| 1234567891011121314151617181920 |
- Subject: PR/62: spinpx: Avoid non-nul-terminated string read
- ID: CVE-2019-8904
- Origin: FILE5_35-52-g94b7501f <https://github.com/file/file/commit/FILE5_35-52-g94b7501f>
- Upstream-Author: Christos Zoulas <christos@zoulas.com>
- Date: Mon Feb 18 17:30:41 2019 +0000
- Bug-Debian: https://bugs.debian.org/922967
- --- a/src/readelf.c
- +++ b/src/readelf.c
- @@ -563,8 +563,8 @@
- }
- if (namesz == 4 && strcmp((char *)&nbuf[noff], "Go") == 0 &&
- type == NT_GO_BUILD_ID && descsz < 128) {
- - if (file_printf(ms, ", Go BuildID=%s",
- - (char *)&nbuf[doff]) == -1)
- + if (file_printf(ms, ", Go BuildID=%.*s",
- + CAST(int, descsz), CAST(char *, &nbuf[doff])) == -1)
- return -1;
- return 1;
- }
|
