File 0001-Fix-possible-out-of-bounds-access-in-BitReader.patch of Package kdegraphics-mobipocket
From 866a069538a268d264cf002aa9570f97a84045da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
Date: Fri, 28 Feb 2025 21:58:36 +0100
Subject: [PATCH 1/4] Fix possible out-of-bounds access in BitReader
The read function accesses data up to data[(len + 31)/8], thus len should
reflect the size (count of bits) of the original data, without the
extra padding null characters.
SENTRY: OKULAR-AD
SENTRY: BALOO-33
SENTRY: BALOO-43Y
CCBUG: 486853
---
lib/decompressor.cpp | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/lib/decompressor.cpp b/lib/decompressor.cpp
index ec663c6..25051cd 100644
--- a/lib/decompressor.cpp
+++ b/lib/decompressor.cpp
@@ -56,10 +56,8 @@ public:
class BitReader
{
public:
- BitReader(const QByteArray& d) : pos(0), data(d)
- {
+ BitReader(const QByteArray& d) : pos(0), len(d.size() * 8), data(d) {
data.append("\000\000\000\000"); //krazy:exclude=strings
- len=data.size()*8;
}
quint32 read() {
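Review bot: The padding on the context line `data.append("\000\000\000\000");` most likely appends nothing, because the `const char *` overload of QByteArray::append measures its argument up to the first NUL, which here is the very first byte. With `len` now set to `d.size() * 8`, the bound from the commit message, `data[(len + 31)/8]`, reaches index `d.size() + 3`, so the reader depends on those four padding bytes actually being present. Passing the count explicitly, `data.append(4, '\0');`, makes the padding real, and a short comment such as `// 4 zero bytes so read() can look 32 bits past the last data bit` would record why it is there. The body of read() lies outside this hunk, so the exact index arithmetic should be confirmed against it.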
--
2.48.1