Commit

patch 9.0.1847: [security] potential oob write in do_addsub()
Problem:  potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()

Signed-off-by: Christian Brabandt <cb@256bit.org>
chrisbra committed Sep 2, 2023
1 parent 4c6fe2e commit 889f6af
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/ops.c
Expand Up @@ -2919,7 +2919,7 @@ do_addsub(
for (bit = bits; bit > 0; bit--)
if ((n >> (bit - 1)) & 0x1) break;

for (i = 0; bit > 0; bit--)
for (i = 0; bit > 0 && i < (NUMBUFLEN - 1); bit--)
buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0';

buf2[i] = '\0';
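Review bot: the new `i < (NUMBUFLEN - 1)` guard in the second `for` loop prevents the write past the end of buf2, but it does so by silently truncating. If the loop exits on the `i` condition while `bit > 0` still holds, the remaining low-order bits of `n` are never written and buf2 is terminated as a shortened binary string, which later code would treat as the full value. Consider detecting that case explicitly (for example, checking `bit > 0` after the loop and bailing out) rather than continuing with a partial result. The bound also assumes buf2 is declared with NUMBUFLEN elements, which is not visible in this hunk; if buf2 is a local array, `i < sizeof(buf2) - 1` would tie the limit to the buffer itself. Finally, the commit changes only src/ops.c and src/version.c, so no regression test accompanies the fix; a test that exercises the binary-format path with the widest value would keep this from regressing.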
2 changes: 2 additions & 0 deletions src/version.c
Expand Up @@ -699,6 +699,8 @@ static char *(features[]) =

static int included_patches[] =
{ /* Add new patch number below this line */
/**/
1847,
/**/
1846,
/**/