Commit 87ba505f authored by Jehan's avatar Jehan

Bug 790853 - (CVE-2017-17787) heap overread in psp importer.

As any external data, we have to check that strings being read at fixed
length are properly nul-terminated.

(cherry picked from commit eb298068)
parent c57f9dcf
......@@ -890,6 +890,12 @@ read_creator_block (FILE *f,
g_free (string);
return -1;
}
if (string[length - 1] != '\0')
{
g_message ("Creator keyword data not nul-terminated");
g_free (string);
return -1;
}
switch (keyword)
{
case PSP_CRTR_FLD_TITLE:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment