1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From 0806bc76ca74543d20e1307ccf6aebd26395c56c Mon Sep 17 00:00:00 2001
From: Alx Sa <cmyk.student@gmail.com>
Date: Mon, 10 Mar 2025 04:07:44 +0000
Subject: [PATCH] plug-ins: Fix ZDI-CAN-25100 for FLI plug-in
Resolves #13073
This patch adds a check to make sure we're not
writing beyond the bounds of the "pos" array.
This is the same check that we do earlier when
writing pos[xc++], but it was left off of the last
write command. Since "n" will be 0 if we get to the
end of the array, it prevents us from writing beyond
that.
---
plug-ins/file-fli/fli.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
index 85dcc994395..1aba31e8f90 100644
--- a/plug-ins/file-fli/fli.c
+++ b/plug-ins/file-fli/fli.c
@@ -1529,7 +1529,7 @@ fli_read_lc_2 (FILE *f,
xc += len << 1;
}
}
- if (lpf)
+ if (lpf && xc < n)
pos[xc] = lpn;
yc++;
}
--
GitLab
|
