autotrace CVE-2016-7392
Hello,
Have had a look at CVE-2016-7392 in autotrace, from a quick glance at
source code, the code does:
XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);
Which I believe is the same as:
XMALLOC(pstoedit_suffix_table, (sizeof(char *) * 2 * (dd_tmp - dd_start)) + 1);
i.e. the code leaves room for one byte at the end. However we store a
(char *) at the very end. Which I think might be more then one byte:
pstoedit_suffix_table[2 * (dd_tmp - dd_start)] = NULL;
So possibly that expression should be:
XMALLOC(pstoedit_suffix_table, (sizeof(char *) * 2 * (dd_tmp - dd_start)) + (sizeof(char *)));
Regards
--
Brian May <brian@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/
Reply to: