diff options
| author | ailin-nemui <ailin-nemui@users.noreply.github.com> | 2016-09-14 13:37:29 +0200 |
|---|---|---|
| committer | ailin-nemui <ailin-nemui@users.noreply.github.com> | 2016-09-20 19:56:06 +0200 |
| commit | 295a4b77f07f14602eeaa371f00ddbf09910c82b (patch) | |
| tree | 58e5f79c5388c60df95748ff81c89c6a42053483 /src | |
| parent | 20b5d4d9826add4f1fc6949a0b1406953fa7bacb (diff) | |
| download | irssi-295a4b77f07f14602eeaa371f00ddbf09910c82b.zip | |
Patches for heap corruption and missing bounds check
By Gabriel Campana and Adrien Guinet from Quarkslab.
Diffstat (limited to 'src')
| -rw-r--r-- | src/fe-common/core/formats.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/fe-common/core/formats.c b/src/fe-common/core/formats.c index 3e88426f..9aa7698d 100644 --- a/src/fe-common/core/formats.c +++ b/src/fe-common/core/formats.c @@ -131,6 +131,8 @@ void unformat_24bit_color(char **ptr, int off, int *fgcolor, int *bgcolor, int * unsigned char rgbx[4]; unsigned int i; for (i = 0; i < 4; ++i) { + if ((*ptr)[i + off] == '\0') + return; rgbx[i] = (*ptr)[i + off]; } rgbx[3] -= 0x20; @@ -1341,6 +1343,9 @@ void format_send_to_gui(TEXT_DEST_REC *dest, const char *text) bgcolor = *ptr==(char)0xff ? -1 : *ptr-'0'; } } + if (*ptr == '\0') + break; + ptr++; break; case 6: |