Red Hat Bugzilla – Bug 88099
buffer underrun in read_input_file/gencat.c
Last modified: 2016-11-24 10:02:38 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
Description of problem:
gencat -H references memory just below a malloc()ed block. act_len can get
decremented to zero, not tested, yet used to index buf[act_len -1].
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Run catgets testcase: gencat -H test-gencat.h < sample.SJIS
with a breakpoint at gencat.c:336:
if (buf[act_len - 1] == '\n')
/* There might be more than one backslash at the end of
the line. Only if there is an odd number of them is
the line continued. */
if (buf[act_len - 1] == '\\') ### act_len can be 0
2. Observe the case when 0==act_len and a reference is made to buf[act_len -1].
Actual Results: 'buf' is referenced at index -1, which is outside the bounds of
a malloc()ed block.
Expected Results: No reference outside the bounds of a malloc()ed block.
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.