From 295a4b77f07f14602eeaa371f00ddbf09910c82b Mon Sep 17 00:00:00 2001
From: ailin-nemui
Date: Wed, 14 Sep 2016 13:37:29 +0200
Subject: Patches for heap corruption and missing bounds check By Gabriel Campana and Adrien Guinet from Quarkslab.
---
 src/fe-common/core/formats.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/fe-common/core/formats.c b/src/fe-common/core/formats.c
index 3e88426f..9aa7698d 100644
--- a/src/fe-common/core/formats.c
+++ b/src/fe-common/core/formats.c
@@ -131,6 +131,8 @@ void unformat_24bit_color(char **ptr, int off, int *fgcolor, int *bgcolor, int *
 unsigned char rgbx[4];
 unsigned int i;
 for (i = 0; i < 4; ++i) {
+ if ((*ptr)[i + off] == '\0')
+ return;
 rgbx[i] = (*ptr)[i + off];
 }
 rgbx[3] -= 0x20;
@@ -1341,6 +1343,9 @@ void format_send_to_gui(TEXT_DEST_REC *dest, const char *text)
 bgcolor = *ptr==(char)0xff ? -1 : *ptr-'0';
 }
 }
+ if (*ptr == '\0')
+ break;
+
 ptr++;
 break;
 case 6:
-- 
cgit v1.2.3
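Review bot: The early `return` added inside the copy loop of unformat_24bit_color leaves `*ptr` un-advanced and `*fgcolor`/`*bgcolor`/`*flags` unwritten, and because the function returns void a caller cannot tell a truncated sequence from a parsed one. Each caller therefore has to re-test `**ptr` before stepping forward, otherwise it may move past the terminator this check just found; the callers are not visible in this hunk, so that needs confirming. The loop also starts at index `off`, so a NUL sitting at an index below `off` is not caught here. At minimum I would document the contract above the check: `/* truncated colour escape: *ptr and the outputs are left untouched; callers must re-check **ptr before advancing */`. The function's signature and the rest of its body lie outside the hunk.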
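Review bot: The added `break` in format_send_to_gui leaves only the `switch`, so the fix depends on whatever encloses the switch (presumably a loop over `ptr`, not visible here) noticing that `*ptr` is still the terminator, and nothing in the new lines says so. A one-line comment would make that intent checkable: `/* truncated colour code: stay on the NUL so the enclosing loop stops */`. The guard covers only this case's trailing `ptr++`; the increments in the neighbouring cases (the hunk ends at `case 6:`) cannot be judged from here and deserve the same look. The function starts and ends outside the hunk.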