File: 03-fix-a-heap-buffer-overwrite.patch

package info (click to toggle)
indent 2.2.13-8
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 4,696 kB
  • sloc: ansic: 20,903; sh: 5,035; makefile: 165; sed: 16; cpp: 5
file content (15 lines) | stat: -rw-r--r-- 556 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
From: Petr Písař <ppisar@redhat.com>
Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
Bug-Debian: https://bugs.debian.org/1049366
Forwarded: https://savannah.gnu.org/bugs/index.php?64503

--- a/src/indent.c
+++ b/src/indent.c
@@ -228,6 +228,7 @@
                  * a `dump_line' call, thus ensuring that the brace
                  * will go into the right column. */
 
+                need_chars (&save_com, 2);
                 *save_com.end++ = EOL;
                 *save_com.end++ = '{';
                 save_com.len += 2;