Fix potential heap buffer corruption due to Strgrow #27

Merged (1 commit) on Sep 2, 2016

kcwu (Contributor) commented Aug 31, 2016

If Str.length = 5 and area_size = 6, the result of Strgrow is still
area_size = 6. In such a case, Strcat_char and Strinsert_char will
overflow one byte.

tats merged commit d43527c into tats:master on Sep 2, 2016

tats (Owner) commented Sep 2, 2016

Merged, thank you.

@kcwu kcwu deleted the fix-strgrow branch November 22, 2016 06:02
tats pushed a commit that referenced this pull request Dec 18, 2016
If Str.length = 5 and area_size = 6, the result of Strgrow is still
area_size = 6. In such a case, Strcat_char and Strinsert_char will
overflow one byte.

Bug-Debian: #27 [CVE-2016-9442]
Origin: c95a43d
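
A minimal C model of the case described in this pull request, added here as an illustration and not taken from the project's source. The `Str` layout, both growth rules (`length * 6 / 5` versus `area_size * 6 / 5`) and all function names are assumptions chosen so that the numbers in the description (length 5, area_size 6) reproduce; the append refuses to write out of bounds and reports the overrun instead.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model; field names follow the PR text, nothing here is w3m code. */
typedef struct { char *ptr; int length; int area_size; } Str;
typedef int (*grow_rule)(const Str *);

/* Assumed flawed rule: new capacity derived from the content length. */
static int grow_from_length(const Str *s) {
    int n = s->length * 6 / 5;
    return n == s->length ? n + 2 : n;
}

/* Assumed corrected rule: derived from the current capacity, so it always grows. */
static int grow_from_area(const Str *s) {
    int n = s->area_size * 6 / 5;
    return n == s->area_size ? n + 2 : n;
}

/* Append c plus NUL. Returns 0 on success, -1 on allocation failure, else bytes past the buffer. */
static int cat_char(Str *s, char c, grow_rule rule) {
    if (s->length + 1 >= s->area_size) {          /* no room for c + NUL */
        int n = rule(s);
        char *p = realloc(s->ptr, (size_t)n);
        if (!p) return -1;
        s->ptr = p;
        s->area_size = n;
    }
    int need = s->length + 2;                     /* bytes used after the append */
    if (need > s->area_size) return need - s->area_size;  /* refuse to overflow */
    s->ptr[s->length++] = c;
    s->ptr[s->length] = '\0';
    return 0;
}

/* Constructed input from the PR description: length = 5, area_size = 6. */
static int overrun_for(grow_rule rule) {
    Str s = { calloc(1, 6), 5, 6 };
    if (!s.ptr) return -1;
    memset(s.ptr, 'a', 5);
    int over = cat_char(&s, 'x', rule);
    free(s.ptr);
    return over;
}

int main(void) {
    printf("length-based rule: %d byte(s) over, area-based rule: %d byte(s) over\n",
           overrun_for(grow_from_length), overrun_for(grow_from_area));
    return 0;
}
```

Under the assumed length-based rule, every length from 5 to 9 with `area_size = length + 1` yields the same capacity after the grow call, so the bounds check in the caller is the only thing standing between the append and a one-byte heap write.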