git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Tree: b873d01ff5
Branches Tags
file
/
debian
/
patches
/
cherry-pick.FILE5_30-43-g19ccebaf.dont-copy-the-string-past-its-length-oss-fuzz.patch

cherry-pick.FILE5_30-43-g19ccebaf.dont-copy-the-string-past-its-length-oss-fuzz.patch 1.0 KB
History Raw

123456789101112131415161718192021222324252627 
  1. Subject: Don't copy the string past its length (oss-fuzz)
    2. 

  2. Origin: FILE5_30-43-g19ccebaf
    3. 

  3. Upstream-Author: Christos Zoulas <christos@zoulas.com>
    4. 

  4. Date: Sat Apr 8 20:58:03 2017 +0000
    5. 

  5. 

  6. --- a/src/readcdf.c
    7. 

  7. +++ b/src/readcdf.c
    8. 

  8. @@ -152,7 +152,7 @@
    9. 

  9.          struct timespec ts;
    10. 

  10.          char buf[64];
    11. 

  11.          const char *str = NULL;
    12. 

  12. -        const char *s;
    13. 

  13. +        const char *s, *e;
    14. 

  14.          int len;
    15. 

  15.  
    16. 

  16.          if (!NOTMIME(ms) && root_storage)
    17. 

  17. @@ -199,7 +199,9 @@
    18. 

  18.                                  if (info[i].pi_type == CDF_LENGTH32_WSTRING)
    19. 

  19.                                      k++;
    20. 

  20.                                  s = info[i].pi_str.s_buf;
    21. 

  21. -                                for (j = 0; j < sizeof(vbuf) && len--; s += k) {
    22. 

  22. +				e = info[i].pi_str.s_buf + len;
    23. 

  23. +                                for (j = 0; s < e && j < sizeof(vbuf)
    24. 

  24. +				    && len--; s += k) {
    25. 

  25.                                          if (*s == '\0')
    26. 

  26.                                                  break;
    27. 

  27.                                          if (isprint((unsigned char)*s))
    28.