Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
opencc
OpenCC-bsc1108310_CVE-2018-16982_BinaryDict_may...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File OpenCC-bsc1108310_CVE-2018-16982_BinaryDict_may_have_out-of-bounds_keyOffset_and_valueOffset_values.patch of Package opencc
diff -Nura OpenCC-ver.1.0.5/src/BinaryDict.cpp OpenCC-ver.1.0.5_new/src/BinaryDict.cpp --- OpenCC-ver.1.0.5/src/BinaryDict.cpp 2017-02-07 06:18:02.000000000 +0800 +++ OpenCC-ver.1.0.5_new/src/BinaryDict.cpp 2022-10-28 14:47:26.261888255 +0800 @@ -63,6 +63,12 @@ } BinaryDictPtr BinaryDict::NewFromFile(FILE* fp) { + size_t offsetBound, savedOffset; + savedOffset = ftell(fp); + fseek(fp, 0L, SEEK_END); + offsetBound = ftell(fp) - savedOffset; + fseek(fp, savedOffset, SEEK_SET); + BinaryDictPtr dict(new BinaryDict(LexiconPtr(new Lexicon))); // Number of items @@ -109,7 +115,7 @@ // Key offset size_t keyOffset; unitsRead = fread(&keyOffset, sizeof(size_t), 1, fp); - if (unitsRead != 1) { + if (unitsRead != 1 || keyOffset >= offsetBound) { throw InvalidFormat("Invalid OpenCC binary dictionary (keyOffset)"); } const char* key = dict->keyBuffer.c_str() + keyOffset; @@ -118,7 +124,7 @@ for (size_t j = 0; j < numValues; j++) { size_t valueOffset; unitsRead = fread(&valueOffset, sizeof(size_t), 1, fp); - if (unitsRead != 1) { + if (unitsRead != 1 || valueOffset >= offsetBound) { throw InvalidFormat("Invalid OpenCC binary dictionary (valueOffset)"); } const char* value = dict->valueBuffer.c_str() + valueOffset;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
