simon987/antiword
1
0
Fork 0
mirror of https://github.com/simon987/antiword.git synced 2025-12-14 12:39:01 +00:00
Code Issues Projects Releases Wiki Activity

Add check for buffer overflow with malformed input files

Browse Source
This commit is contained in:
simon987
2020-11-12 17:12:03 -05:00
parent 6eed1f9389
commit 0d5bf64ccf
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/wordole.c
View File

@@ -259,6 +259,10 @@ bGetPPS(FILE *pFile,
} }
tNameSize = (size_t)usGetWord(0x40, aucBytes); tNameSize = (size_t)usGetWord(0x40, aucBytes);
tNameSize = (tNameSize + 1) / 2; tNameSize = (tNameSize + 1) / 2;
if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
werr(0, "Name Size of PPS %d is too large", iIndex);
tNameSize = sizeof(atPPSlist[iIndex].szName);
}
vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize); vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes); atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
if (atPPSlist[iIndex].ucType == 5) { if (atPPSlist[iIndex].ucType == 5) {