author | Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> | 2019-02-15 06:43:22 -0500 |
---|---|---|
committer | Reinhard Tartler <siretart@tauware.de> | 2019-02-15 06:43:22 -0500 |
commit | 702781360472e7d76af5a893be66895d0bfe21a8 (patch) | |
tree | 81aa85f8da944ac5906dc8165927b3d566b43328 | |
parent | 43a1527b8925fb89ee4602b19ba9224523974466 (diff) |
CVE-2018-20760
commit 4c1360818fc8948e9307059fba4dc47ba8ad255d
Author: Aurelien David <aurelien.david@telecom-paristech.fr>
Date: Thu Dec 13 14:39:21 2018 +0100
Description: CVE-2018-20760
check error code on call to gf_utf8_wcstombs (#1177)
Gbp-Pq: Name CVE-2018-20760.patch
-rw-r--r-- | src/media_tools/text_import.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/media_tools/text_import.c b/src/media_tools/text_import.c
index 9f6fb10..f111e05 100644
--- a/src/media_tools/text_import.c
+++ b/src/media_tools/text_import.c
@@ -292,6 +292,8 @@ char *gf_text_get_utf8_line(char *szLine, u32 lineSize, FILE *txt_in, s32 unicod
 }
 sptr = (u16 *)szLine;
 i = (u32) gf_utf8_wcstombs(szLineConv, 1024, (const unsigned short **) &sptr);
+ if (i >= (u32)ARRAY_LENGTH(szLineConv))
+ return NULL;
 szLineConv[i] = 0;
 strcpy(szLine, szLineConv);
 /*this is ugly indeed: since input is UTF16-LE, there are many chances the fgets never reads the \0 after a \n*/ |
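Review bot: The `strcpy(szLine, szLineConv)` after the new check is still limited only by the size of `szLineConv`, not by `lineSize`, so the write back into the caller's buffer remains unbounded. UTF-16 code units that encode to three UTF-8 bytes make the converted text longer than the input, so if `lineSize` is the capacity of `szLine` (its declaration is outside the hunk, so this is inferred) the copy can run past it. The guard could cover both buffers: `if (i >= (u32)ARRAY_LENGTH(szLineConv) || i >= lineSize) return NULL;`. The literal `1024` in the `gf_utf8_wcstombs` call should also become `ARRAY_LENGTH(szLineConv)` so the limit passed to the converter and the limit checked afterwards cannot drift apart. The body of `gf_text_get_utf8_line` starts and ends outside this hunk, so it is worth confirming that callers treat the new `NULL` return as an error rather than as end of input.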