Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
liblouis.28567
CVE-2018-11410.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-11410.patch of Package liblouis.28567
From ed6b00aea08005945c9ae8a4a4503acc43f3a844 Mon Sep 17 00:00:00 2001 From: Samuel Thibault <samuel.thibault@labri.fr> Date: Fri, 25 May 2018 10:25:33 +0200 Subject: [PATCH] Fix a buffer overflow in table parsing Fixes #573 Rebased by Mike Gorse <mgorse@suse.com> --- diff -urp liblouis-3.3.0.orig/liblouis/pattern.c liblouis-3.3.0/liblouis/pattern.c --- liblouis-3.3.0.orig/liblouis/pattern.c 2017-09-04 09:40:14.000000000 -0500 +++ liblouis-3.3.0/liblouis/pattern.c 2018-08-07 16:31:10.603913506 -0500 @@ -744,6 +744,8 @@ static int pattern_compile_expression(co if(!pattern_compile_expression(input, input_max, input_crs, expr_data, expr_max, expr_crs, loop_cnts)) return 0; + if (*expr_crs + 3 >= expr_max) return 0; + EXPR_NXT(expr_sub) = *expr_crs; /* create end expression */ @@ -756,7 +758,7 @@ static int pattern_compile_expression(co case '+': - if(*expr_crs + 4 >= expr_max) + if(*expr_crs + 5 >= expr_max) return 0; EXPR_TYPE(*expr_crs) = PTN_ONE_MORE; EXPR_DATA_1(*expr_crs) = (*loop_cnts)++; @@ -765,7 +767,7 @@ static int pattern_compile_expression(co case '*': - if(*expr_crs + 4 >= expr_max) + if(*expr_crs + 5 >= expr_max) return 0; EXPR_TYPE(*expr_crs) = PTN_ZERO_MORE; EXPR_DATA_1(*expr_crs) = (*loop_cnts)++;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor