
commit 71aa4223b2770a9243ddc86457bcd2fdcf47d922
parent b933ab4aa3447ed94701b8fb013f1c765f3375dc
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 15 Oct 2017 19:59:51 +0200

fix potential buffer underflow read in deb_extractor

Diffstat:
MChangeLog | 3++-
Msrc/plugins/deb_extractor.c | 6+++++-
2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
@@ -3,7 +3,8 @@ Sun Oct 15 19:36:41 CEST 2017
 Fix potential assign-after-free (on IPC error handling path).
 Make sure to only pass "unsigned char" to functions like isspace().
 Avoid malloc(0) in DEB extractor under certain conditions.
- Properly initialize 'duration' in ffmpeg extractor. -CG
+ Properly initialize 'duration' in ffmpeg extractor.
+ Fix potential buffer underflow read in DEB extractor. -CG
 Fri Oct 13 12:30:37 CEST 2017
 Properly check read error in NSF plugin (from signedness confusion) found by Leon Zhao. -CG
diff --git a/src/plugins/deb_extractor.c b/src/plugins/deb_extractor.c
@@ -365,6 +365,8 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec,
 return 0;
 if (0 == size)
 return 0;
+ if (size < 4)
+ return 0;
 if (NULL == (cdata = malloc (size)))
 return 0;
 off = 0;
@@ -375,7 +377,9 @@ processControlTGZ (struct EXTRACTOR_ExtractContext *ec,
 free (cdata);
 return 0;
 }
- memcpy (&cdata[off], data, sret);
+ memcpy (&cdata[off],
+ data,
+ sret);
 off += sret;
 }
 bufSize = cdata[size - 4] + (cdata[size - 3] << 8) + (cdata[size - 2] << 16) + (cdata[size - 1] << 24);
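Review bot: The new `if (size < 4) return 0;` makes the `if (0 == size) return 0;` immediately above it redundant, assuming `size` is an unsigned type (its declaration, like the start of processControlTGZ, lies outside the hunk); two adjacent early returns with overlapping conditions invite a reader to look for a distinction that does not exist, so the zero check could be folded into the new one. The new guard also deserves a why-comment, since its reason is only visible in the next hunk: `/* the last 4 bytes of the buffer are read as a length below; anything shorter would index before cdata */`. If `size` can be signed, the order of the two checks should be documented instead, because then neither subsumes the other.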
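Review bot: The trailing context line `bufSize = cdata[size - 4] + ... + (cdata[size - 1] << 24);` is what the new `size < 4` guard protects, but it still shifts a byte that has been promoted to `int` by 24 bits, so a last byte of 0x80 or above produces a signed overflow, which is undefined behaviour in C; the guard fixes the underflow read but not this. Assuming `cdata` is an `unsigned char` buffer (declared outside the hunk), widen each byte before shifting, e.g. `bufSize = (unsigned) cdata[size - 4] + ((unsigned) cdata[size - 3] << 8) + ((unsigned) cdata[size - 2] << 16) + ((unsigned) cdata[size - 1] << 24);`. The four bytes come from the tail of the input being processed, so if `bufSize` later sizes an allocation or a read (the function continues past the hunk), it should also be bounded against a sane maximum before use. The memcpy reformatting in this hunk is cosmetic and raises nothing.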