[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[7642] build_tags_and_nodes don't access outside of allocated buffer
|
From: |
gavinsmith0123 |
|
Subject: |
[7642] build_tags_and_nodes don't access outside of allocated buffer |
|
Date: |
Sat, 21 Jan 2017 12:20:41 -0500 (EST) |
Revision: 7642
http://svn.sv.gnu.org/viewvc/?view=rev&root=texinfo&revision=7642
Author: gavin
Date: 2017-01-21 12:20:40 -0500 (Sat, 21 Jan 2017)
Log Message:
-----------
build_tags_and_nodes don't access outside of allocated buffer
Modified Paths:
--------------
trunk/ChangeLog
trunk/info/nodes.c
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2017-01-21 17:16:29 UTC (rev 7641)
+++ trunk/ChangeLog 2017-01-21 17:20:40 UTC (rev 7642)
@@ -1,5 +1,12 @@
2017-01-21 Gavin Smith <address@hidden>
+ * info/nodes.c (build_tags_and_nodes): Check that a buffer
+ offset isn't 0 before subtracting 1 from it. This is to avoid
+ reading outside allocated memory for malformed input. (Report
+ from Hanno B\xF6ck.)
+
+2017-01-21 Gavin Smith <address@hidden>
+
* info/nodes.c (build_tags_and_nodes): Simplify code by moving
code inside a 'while' loop up one level, as the loop never
executes more than once.
Modified: trunk/info/nodes.c
===================================================================
--- trunk/info/nodes.c 2017-01-21 17:16:29 UTC (rev 7641)
+++ trunk/info/nodes.c 2017-01-21 17:20:40 UTC (rev 7642)
@@ -82,7 +82,10 @@
extracting tag information. */
/* Remember the end of the tags table. */
- tags_table_end = position - 1;
+ if (position == 0)
+ goto no_tags_table;
+ else
+ tags_table_end = position - 1;
/* Locate the start of the tags table. */
binding.start = tags_table_end;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [7642] build_tags_and_nodes don't access outside of allocated buffer,
gavinsmith0123 <=