File liblouis-CVE-2023-26768.patch of Package liblouis.28562
diff -Nura liblouis-3.11.0/liblouis/logging.c liblouis-3.11.0_new/liblouis/logging.c
--- liblouis-3.11.0/liblouis/logging.c 2019-08-28 17:08:44.000000000 +0800
+++ liblouis-3.11.0_new/liblouis/logging.c 2023-04-06 17:46:57.037949828 +0800
@@ -117,8 +117,10 @@
}
}
+#define FILENAMESIZE 256
+
static FILE *logFile = NULL;
-static char initialLogFileName[256] = "";
+static char initialLogFileName[FILENAMESIZE] = "";
void EXPORT_CALL
lou_logFile(const char *fileName) {
@@ -126,7 +128,7 @@
fclose(logFile);
logFile = NULL;
}
- if (fileName == NULL || fileName[0] == 0) return;
+ if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
logFile = fopen(fileName, "a");
if (logFile == NULL && initialLogFileName[0] != 0)
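Review bot: The new length guard in `lou_logFile` returns silently, and it does so after the previous `logFile` has already been closed and set to NULL, so an over-long name leaves the caller with no log file and no indication why. It also rejects every name of 256 bytes or more, even when `initialLogFileName` is already populated and the `strcpy` would not run; legitimate paths on many systems can be longer than that. Consider narrowing the bound to the copy itself and tying it to the buffer rather than to a separate macro, e.g. `if (initialLogFileName[0] == 0 && strlen(fileName) < sizeof(initialLogFileName)) strcpy(initialLogFileName, fileName);`, or at least report the rejection on stderr. A short comment above the check, such as `/* initialLogFileName is a fixed buffer; names that do not fit are refused to avoid overflowing it (CVE-2023-26768) */`, would keep the invariant visible next to the unbounded `strcpy`. The function body continues past the end of this hunk, so the fallback path that reuses `initialLogFileName` is not visible here.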