1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
From db8fc1057e38839adc04e263fe255ce86cab9fa7 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Sat, 12 Feb 2022 13:46:28 -0500
Subject: [PATCH] Avoid reading out of bounds of the i18ntable
If the i18ntable was smaller than the i18nstring entry an out of bounds
read could result. This should not happen in a valid package, but even
if RPM rejected such packages during load, this situation could still
result as a result of usage of the RPM API.
---
lib/header.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/header.c b/lib/header.c
index 098ea5d..c939006 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -1311,7 +1311,7 @@ static int copyI18NEntry(Header h, indexEntry entry, rpmtd td,
/* For each entry in the header ... */
for (langNum = 0, t = table->data, ed = entry->data;
- langNum < entry->info.count;
+ langNum < entry->info.count && langNum < table->info.count;
langNum++, t += strlen(t) + 1, ed += strlen(ed) + 1) {
int match = headerMatchLocale(t, l, le);
--
1.8.3.1
|
