| blob | ebf2f0900d98f1ffb02264f23e34220fa1fb670d |
1 Description: Add check for buffer overflow with malformed input files
2 Author: <eriks@debian.org>
3 Bug-Debian: http://bugs.debian.org/407015
4 Last-Update: 2009-06-03
6 --- antiword-0.37~/wordole.c 2005-08-26 21:49:57.000000000 +0200
7 +++ antiword-0.37/wordole.c 2009-06-03 22:31:15.948014682 +0200
8 @@ -259,6 +259,10 @@
9 }
10 tNameSize = (size_t)usGetWord(0x40, aucBytes);
11 tNameSize = (tNameSize + 1) / 2;
12 + if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
13 + werr(0, "Name Size of PPS %d is too large", iIndex);
14 + tNameSize = sizeof(atPPSlist[iIndex].szName);
15 + }
16 vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
17 atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
18 if (atPPSlist[iIndex].ucType == 5) {