Fix a buffer overflow (#311)

It happens if raw_str_used underflows and ends up a very large number, which is then used as the size of a string. Closes #285.
WizardMac · Feb 17, 2024 · c7baae7 · c7baae7
1 parent 38d4418
commit c7baae7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/spss/readstat_sav_read.c b/src/spss/readstat_sav_read.c
@@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len
             }
             if (++offset == col_info->width) {
                 if (++segment_offset < var_info->n_segments) {
-                    raw_str_used--;
+                    if (raw_str_used > 0) raw_str_used--;
                 }
                 offset = 0;
                 col++;