From: Ben Pfaff <blp@cs.stanford.edu>
Date: Wed, 26 Sep 2018 14:04:08 -0700
Subject: [PATCH] pspp-dump-sav: Better handle unreasonable variable label
 lengths.

Bug #54725.
Thanks to Peter Lemenkov for reporting this bug.

diff --git a/utilities/pspp-dump-sav.c b/utilities/pspp-dump-sav.c
index f207d8ec..a10ff148 100644
--- a/utilities/pspp-dump-sav.c
+++ b/utilities/pspp-dump-sav.c
@@ -444,14 +444,12 @@ read_variable_record (struct sfm_reader *r)
   if (has_variable_label == 1)
     {
       long long int offset = ftello (r->file);
-      size_t len;
-      char *label;
+      enum { MAX_LABEL_LEN = 65536 };
 
-      len = read_int (r);
-
-      /* Read up to 255 bytes of label. */
-      label = xmalloc (len + 1);
-      read_string (r, label, len + 1);
+      size_t len = read_int (r);
+      size_t read_len = MIN (MAX_LABEL_LEN, len);
+      char *label = xmalloc (read_len + 1);
+      read_string (r, label, read_len + 1);
       printf("\t%08llx Variable label: \"%s\"\n", offset, label);
       free (label);