[Libguestfs] [hivex PATCH 4/5] hivex_value_multiple_strings: Don't read uninitialized data.

Jim Meyering jim at meyering.net
Wed Apr 13 14:01:45 UTC 2011


Richard W.M. Jones wrote:
> Subject: [PATCH 4/5] hivex_value_multiple_strings: Don't read uninitialized data.
>
> If hivex_value_multiple_strings was given a value which had an odd
> length or if the data in the value was unterminated,
> hivex_value_multiple_strings could read uninitialized data.
>
> Potentially (although very unlikely) this could cause a
> non-exploitable segfault in the calling program.
> ---
>  lib/hivex.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/lib/hivex.c b/lib/hivex.c
> index 71ea5c3..d2ab23d 100644
> --- a/lib/hivex.c
> +++ b/lib/hivex.c
> @@ -1421,7 +1421,8 @@ hivex_value_multiple_strings (hive_h *h, hive_value_h value)
>    char *p = data;
>    size_t plen;
>
> -  while (p < data + len && (plen = utf16_string_len_in_bytes (p)) > 0) {
> +  while (p < data + len &&
> +         (plen = utf16_string_len_in_bytes_max (p, data + len - p)) > 0) {
>      nr_strings++;
>      char **ret2 = realloc (ret, (1 + nr_strings) * sizeof (char *));
>      if (ret2 == NULL) {
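Review bot: the hunk bounds the scan to `data + len - p`, but the advance of `p` after each string is outside this hunk, so it is worth checking what `utf16_string_len_in_bytes_max` returns for an unterminated string and whether the subsequent advance can move `p` past `data + len` before the `p < data + len` test runs; if it can, compare against the remaining length (`data + len - p`) before advancing, or track an offset instead of a pointer. It would also help to state the new function's contract (what it returns when no terminator is found within the bound) next to the call, since the correctness of this loop now depends on it.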

That looks correct.
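The bounded scan the patch relies on, as an added illustration that is not hivex's own code: `utf16_len_bounded` is a hypothetical stand-in for `utf16_string_len_in_bytes_max`, and `count_multi_strings` mirrors the patched loop, using offsets so an unterminated or odd-length buffer (the two cases the commit message names) ends the loop without reading past the buffer.

```c
#include <stddef.h>

/* Hypothetical stand-in for hivex's utf16_string_len_in_bytes_max():
 * byte length (excluding the 2-byte NUL terminator) of the UTF-16LE
 * string at p, examining at most 'max' bytes.  If no terminator lies
 * within the bound, the number of whole code units seen is returned;
 * a dangling odd byte at the end is never read. */
static size_t
utf16_len_bounded (const char *p, size_t max)
{
  size_t i = 0;
  while (i + 1 < max) {         /* one code unit needs two bytes in bounds */
    if (p[i] == 0 && p[i + 1] == 0)
      return i;                 /* terminator found; length excludes it */
    i += 2;
  }
  return i;                     /* unterminated: stop at last whole unit */
}

/* Count the strings in a REG_MULTI_SZ-style buffer the way the patched
 * loop does: stop at the end of the buffer or at the first empty string.
 * Offsets are used instead of pointers so that an unterminated final
 * string cannot push the cursor beyond the end of the buffer. */
static size_t
count_multi_strings (const char *data, size_t len)
{
  size_t off = 0, n = 0, plen;

  while (off < len
         && (plen = utf16_len_bounded (data + off, len - off)) > 0) {
    n++;
    off += plen + 2;            /* skip the string and its terminator */
  }
  return n;
}

/* Constructed sample buffers (not taken from any real hive). */
/* "ab", "c", then the empty string that ends the list: well formed. */
static const char good_multi[] = "a\0b\0\0\0c\0\0\0\0\0";
static const size_t good_multi_len = 12;
/* "ab" followed by a lone 'c' byte: odd length and no terminator. */
static const char odd_unterminated[] = "a\0b\0c";
static const size_t odd_unterminated_len = 5;
```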