From 0d5bf64ccf1744d5c2966a88ad0c04dee6a09fbb Mon Sep 17 00:00:00 2001
From: simon987
Date: Thu, 12 Nov 2020 17:12:03 -0500
Subject: [PATCH] Add check for buffer overflow with malformed input files
---
src/wordole.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/wordole.c b/src/wordole.c
index 8a95fb9..539669f 100644
--- a/src/wordole.c
+++ b/src/wordole.c
@@ -259,6 +259,10 @@ bGetPPS(FILE *pFile,
 }
 tNameSize = (size_t)usGetWord(0x40, aucBytes);
 tNameSize = (tNameSize + 1) / 2;
+ if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
+ werr(0, "Name Size of PPS %d is too large", iIndex);
+ tNameSize = sizeof(atPPSlist[iIndex].szName);
+ }
 vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
 atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
 if (atPPSlist[iIndex].ucType == 5) {
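Review bot: The clamp to `sizeof(atPPSlist[iIndex].szName)` is only safe if `vName2String` writes at most `tNameSize` bytes into `szName`, terminator included, and that function is outside this hunk; if it stores the NUL at index `tNameSize`, the clamped case still overruns by one byte. I would state the contract next to the check, e.g. `/* tNameSize counts the NUL; vName2String must not write past szName[tNameSize - 1] */`, or clamp to `sizeof(...) - 1` if the helper does not guarantee it. The warning also drops the size the file claimed, which is the value needed to triage a malformed document: `werr(0, "Name Size of PPS %d is too large: %lu", iIndex, (unsigned long)tNameSize);`. bGetPPS starts and ends outside the hunk, so whether a malformed entry should instead fail the parse cannot be judged from here.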