1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
From edf8ee00197e5a9b062554bdca00fe1617d257a4 Mon Sep 17 00:00:00 2001
From: Mike Gorse <mgorse@suse.com>
Date: Tue, 29 Aug 2017 16:55:29 -0500
Subject: [PATCH] Fix possible out-of-bounds write from a \ followed by
multiple newlines
Fixes CVE-2017-13738 and CVE-2017-13744.
Index: liblouis-3.0.0/liblouis/compileTranslationTable.c
===================================================================
--- liblouis-3.0.0.orig/liblouis/compileTranslationTable.c
+++ liblouis-3.0.0/liblouis/compileTranslationTable.c
@@ -573,6 +573,7 @@ getALine (FileInfo * nested)
if (pch == '\\' && ch == 10)
{
nested->linelen--;
+ pch = ch;
continue;
}
if (ch == 10 || nested->linelen >= MAXSTRING)
|
