30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
|
From db8fc1057e38839adc04e263fe255ce86cab9fa7 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Demi Marie Obenour <demi@invisiblethingslab.com>
|
||
|
|
Date: Sat, 12 Feb 2022 13:46:28 -0500
|
||
|
|
Subject: [PATCH] Avoid reading out of bounds of the i18ntable
|
||
|
|
|
||
|
|
If the i18ntable was smaller than the i18nstring entry an out of bounds
|
||
|
|
read could result. This should not happen in a valid package, but even
|
||
|
|
if RPM rejected such packages during load, this situation could still
|
||
|
|
result as a result of usage of the RPM API.
|
||
|
|
---
|
||
|
|
lib/header.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/lib/header.c b/lib/header.c
|
||
|
|
index 098ea5d..c939006 100644
|
||
|
|
--- a/lib/header.c
|
||
|
|
+++ b/lib/header.c
|
||
|
|
@@ -1311,7 +1311,7 @@ static int copyI18NEntry(Header h, indexEntry entry, rpmtd td,
|
||
|
|
|
||
|
|
/* For each entry in the header ... */
|
||
|
|
for (langNum = 0, t = table->data, ed = entry->data;
|
||
|
|
- langNum < entry->info.count;
|
||
|
|
+ langNum < entry->info.count && langNum < table->info.count;
|
||
|
|
langNum++, t += strlen(t) + 1, ed += strlen(ed) + 1) {
|
||
|
|
|
||
|
|
int match = headerMatchLocale(t, l, le);
|
||
|
|
--
|
||
|
|
1.8.3.1
|
||
|
|
|