Fix stack buffer overflows reported in gentoo bug 543310 #2
Commits on Oct 27, 2019
-
bdeltaReconstructDCBuff: validate int_size
The int_size must be in the range 1 to 4 in order to avoid BUFF_SIZE overflow or a negative left shift. Bug: https://bugs.gentoo.org/543310 Reported-by: Aidan Thornton <makosoft@googlemail.com> Signed-off-by: Zac Medico <zmedico@gentoo.org>
-
gdiffReconstructDCBuff: increase buff_size from 5 to 13
The buff_size must be at least 13 in order to accomodate cread and readUBytesBE calls relative to buff + 1 with ob = 8 and lb = 4. Bug: https://bugs.gentoo.org/543310 Reported-by: Aidan Thornton <makosoft@googlemail.com> Signed-off-by: Zac Medico <zmedico@gentoo.org>
-
Since buff points to a 32-byte stack buffer, count must not exceed 31. Bug: https://bugs.gentoo.org/543310 Reported-by: Aidan Thornton <makosoft@googlemail.com> Signed-off-by: Zac Medico <zmedico@gentoo.org>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.