1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
|
commit 4417bad83df4481ed58419b28c5c91b9649e2a86
Author: Christian Egli <christian.egli@sbs.ch>
Date: Wed May 30 16:47:10 2018 +0200
Fix another buffer overflow in table parsing reported by Henri Salo
Fixes #575 and CVE-2018-11440
---
liblouis/compileTranslationTable.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -1523,6 +1523,10 @@ parseChars (FileInfo * nested, CharsStri
{
if (in >= MAXSTRING)
break;
+ if (out >= MAXSTRING) {
+ result->length = lastOutSize;
+ return 1;
+ }
if (token->chars[in] < 128 || (token->chars[in] & 0x0040))
{
compileWarning (nested, "invalid UTF-8. Assuming Latin-1.");
|