commit 98eebd7564595b2403a8573c0725a38519546445
Author: Christian Egli <christian.egli@sbs.ch>
Date:   Fri Sep 1 15:12:30 2017 +0200

    Guard against buffer overflow in _lou_showString
    
    I believe this fixes #397 and hence CVE-2017-13743

---
 liblouis/compileTranslationTable.c |   18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -351,7 +351,7 @@ showString (widechar const *chars, int l
   int charPos;
   int bufPos = 0;
   scratchBuf[bufPos++] = '\'';
-  for (charPos = 0; charPos < length; charPos++)
+  for (charPos = 0; charPos < length && bufPos < (MAXSTRING-2); charPos++)
     {
       if (chars[charPos] >= 32 && chars[charPos] < 127)
 	scratchBuf[bufPos++] = (char) chars[charPos];
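Review bot: The new loop bound `bufPos < (MAXSTRING-2)` hard-codes the buffer size, whereas the check removed in the next hunk used `sizeof (scratchBuf)`. If the declaration of scratchBuf (outside this hunk) ever changes size, this guard silently stops matching it. I would write `charPos < length && bufPos < (int) sizeof (scratchBuf) - 2` and add a comment such as `/* reserve two bytes for the closing quote and the terminating NUL */`, because the `-2` is otherwise unexplained. Assuming scratchBuf is MAXSTRING bytes, the bound itself looks right for the printable-character branch, where the last write lands at index MAXSTRING-3 at most.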
@@ -388,14 +388,14 @@ showString (widechar const *chars, int l
 	      leadingZeros = 0;
 	      break;
 	    }
-	  if ((bufPos + leadingZeros + hexLength + 4) >= sizeof (scratchBuf))
-	    break;
-	  scratchBuf[bufPos++] = '\\';
-	  scratchBuf[bufPos++] = escapeLetter;
-	  for (hexPos = 0; hexPos < leadingZeros; hexPos++)
-	    scratchBuf[bufPos++] = '0';
-	  for (hexPos = 0; hexPos < hexLength; hexPos++)
-	    scratchBuf[bufPos++] = hexbuf[hexPos];
+	  if ((bufPos + leadingZeros + hexLength + 4) < (MAXSTRING-2)) {
+	    scratchBuf[bufPos++] = '\\';
+	    scratchBuf[bufPos++] = escapeLetter;
+	    for (hexPos = 0; hexPos < leadingZeros; hexPos++)
+	      scratchBuf[bufPos++] = '0';
+	    for (hexPos = 0; hexPos < hexLength; hexPos++)
+	      scratchBuf[bufPos++] = hexbuf[hexPos];
+	  }
 	}
     }
   scratchBuf[bufPos++] = '\'';
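Review bot: When an escape sequence does not fit, the new `if` skips that character but the loop keeps running, whereas the removed code did `break`. Because bufPos is unchanged after a skip, printable characters that follow can still be appended, so the returned string can silently drop a character in the middle instead of ending at the truncation point. If this string is used for diagnostics, as it appears to be, that rendering is misleading; I would keep the stop-on-full behaviour with `} else break;` on the closing brace of the new block. The `+ 4` margin is larger than the two bytes written before the digits, which is safe but deserves a short comment, e.g. `/* backslash, escape letter and digits must stay clear of the closing quote and NUL */`. showString's body starts before and continues after this hunk.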
