From: Michael R Sweet Date: Sun, 8 Dec 2019 14:00:26 -0500 Subject: Fix a buffer underflow issue with GCC on Linux (Issue #360) CVE-2019-19630 Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c Bug: https://github.com/michaelrsweet/htmldoc/issues/370 Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2019-19630 --- htmldoc/ps-pdf.cxx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htmldoc/ps-pdf.cxx b/htmldoc/ps-pdf.cxx index 78a0183..5d96591 100644 --- a/htmldoc/ps-pdf.cxx +++ b/htmldoc/ps-pdf.cxx @@ -3721,7 +3721,9 @@ render_contents(tree_t *t, /* I - Tree to parse */ nptr < (number + sizeof(number) - 1) && width < right; width += dot_width) *nptr++ = '.'; - nptr --; + + if (nptr > number) + nptr --; strlcpy((char *)nptr, pages[hpage].page_text, sizeof(number) - (size_t)(nptr - number));