Overview

File fix-out-of-bounds-access.patch of Package patch.24317

From: Hanno Boeck <hanno@gentoo.org>
Date: Wed, 10 Aug 2016 00:06:41 +0200
Subject: Fix out-of-bounds access to lines in a patch
Patch-mainline: v2.7.6
Git-commit: a0d7fe4589651c64bd16ddaaa634030bb0455866
References: bsc#1080918, CVE-2016-10713

This bug can trigger with malformed patches.
* src/pch.c (pch_write_line): Avoid out-of-bounds access to
p_line[line][p_len[line] - 1] when p_len[line] is 0.

---
 src/pch.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/src/pch.c
+++ b/src/pch.c
@@ -2275,7 +2275,7 @@ pfetch (lin line)
 bool
 pch_write_line (lin line, FILE *file)
 {
-  bool after_newline = p_line[line][p_len[line] - 1] == '\n';
+  bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
   if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
     write_fatal ();
   return after_newline;
openSUSE Build Service is sponsored by
Places