1. photon
  2. SPECS
  3. file
  4. 0001-Avoid-reading-past-the-end-of-buffer-Rui-Reis.patch
Raw Blame History 
From a642587a9c9e2dd7feacdf513c3643ce26ad3c22 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Sat, 9 Jun 2018 16:00:06 +0000
Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)

---
diff --git a/src/readelf.c b/src/readelf.c
index 6738942..56f13f4 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -27,7 +27,7 @@
 #include "file.h"
 
 #ifndef lint
-FILE_RCSID("@(#)$File: readelf.c,v 1.130 2017/01/29 19:34:24 christos Exp $")
+FILE_RCSID("@(#)$File: readelf.c,v 1.143 2018/06/09 16:00:06 christos Exp $")
 #endif
 
 #ifdef BUILTIN_ELF
@@ -824,7 +824,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
 
 				cname = (unsigned char *)
 				    &nbuf[doff + prpsoffsets(i)];
-				for (cp = cname; *cp && isprint(*cp); cp++)
+				for (cp = cname; cp < nbuf + size && *cp
+                                    && isprint(*cp); cp++)
 					continue;
 				/*
 				 * Linux apparently appends a space at the end