Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
jasper
jasper-CVE-CVE-2023-51257.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File jasper-CVE-CVE-2023-51257.patch of Package jasper
Index: jasper-1.900.14/src/libjasper/base/jas_icc.c =================================================================== --- jasper-1.900.14.orig/src/libjasper/base/jas_icc.c +++ jasper-1.900.14/src/libjasper/base/jas_icc.c @@ -1211,10 +1211,20 @@ static int jas_icctxt_input(jas_iccattrv { jas_icctxt_t *txt = &attrval->data.txt; txt->string = 0; + /* The string must at least contain a single null character. */ + if (cnt < 1) { + goto error; + } if (!(txt->string = jas_malloc(cnt))) goto error; if (jas_stream_read(in, txt->string, cnt) != cnt) goto error; + /* Ensure that the string is null terminated. */ + if (txt->string[cnt - 1] != '\0') { + goto error; + } + /* The following line is redundant, unless we do not enforce that + the last character must be null. */ txt->string[cnt - 1] = '\0'; if (JAS_CAST(int, strlen(txt->string)) + 1 != cnt) goto error;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
