| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- Author: Fabian Greffrath <fabian+debian@greffrath.com>
- Description: Fix a stack corruption while trying to verify integrity
- of a fuzzed file. Thanks again, Jakub Wilk.
- Bug-Debian: https://bugs.debian.org/775134
- --- a/source/base/all/uninorm/uninorm.c
- +++ b/source/base/all/uninorm/uninorm.c
- @@ -36,6 +36,9 @@ INT BASE_UNINORM_CP850ToUTF8NFC(UCHAR *c
- UINT Unicode[BASE_LFN_MAXLEN+1], Normalized[BASE_LFN_MAXLEN+1], *destptr = Unicode;
- UCHAR *srcptr = cp850String, *resultstr = cp850String;
-
- + if ((UINT) len >= BASE_LFN_MAXLEN)
- + len = BASE_LFN_MAXLEN - 1;
- +
- srcptr[len] = 0;
- /* First, convert that DOS CP850 encoded String to Unicode */
- while (*srcptr)
- @@ -48,6 +51,7 @@ INT BASE_UNINORM_CP850ToUTF8NFC(UCHAR *c
- /* Then normalize and return UTF-8 encoded in place of the input string */
- normalize_nfc(Normalized, Unicode);
- encode_utf8(resultstr, Normalized);
- + resultstr[len] = 0;
-
-
- return strlen(resultstr);
- --- a/source/base/all/uninorm/unincore.c
- +++ b/source/base/all/uninorm/unincore.c
- @@ -17,6 +17,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- +#include "base/all/includes.h" /* BASE_LFN_MAXLEN */
- #include "unidata.h"
-
- /* Hangul constants */
- @@ -33,7 +34,7 @@
-
- /* convenience null */
- #define null 0
- -#define MAX_FILENAME_SIZE 2048
- +#define MAX_FILENAME_SIZE BASE_LFN_MAXLEN
-
-
- /**
- @@ -367,7 +368,7 @@ void canonical_decomposition(uint *buf,
- uint temp[MAX_FILENAME_SIZE];
- temp[0] = null;
-
- - for (i = 0; i < length; ++i)
- + for (i = 0; i < length && pos < MAX_FILENAME_SIZE; ++i)
- {
- decompose_recursive(temp, str[i]);
- len = istrlen(temp);
- @@ -458,7 +459,7 @@ void encode_utf8(char *buf, uint *str)
- int i, j = 0;
- int len = istrlen(str);
-
- - for (i = 0; i < len; ++i)
- + for (i = 0; i < len && j < MAX_FILENAME_SIZE; ++i)
- {
- uint c = str[i];
-
|
