File liblouis-CVE-2022-31783.patch of Package liblouis.28479

Overview Repositories Revisions Requests Users Attributes Meta

File liblouis-CVE-2022-31783.patch of Package liblouis.28479

From 2e4772befb2b1c37cb4b9d6572945115ee28630a Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Wed, 25 May 2022 18:08:36 +0200
Subject: [PATCH] Prevent an invalid memory writes in compileRule

Thanks to Han Zheng for reporting it

Fixes #1214
---
diff -urp liblouis-3.11.0.orig/liblouis/compileTranslationTable.c liblouis-3.11.0/liblouis/compileTranslationTable.c
--- liblouis-3.11.0.orig/liblouis/compileTranslationTable.c	2022-06-03 10:54:40.922004569 -0500
+++ liblouis-3.11.0/liblouis/compileTranslationTable.c	2022-06-03 10:55:17.714235083 -0500
@@ -3447,12 +3447,14 @@ doOpcode:
 		case CTO_SeqAfterExpression:
 
 			if (getRuleCharsText(nested, &ruleChars, &lastToken)) {
-				for ((*table)->seqAfterExpressionLength = 0;
-						(*table)->seqAfterExpressionLength < ruleChars.length;
-						(*table)->seqAfterExpressionLength++)
-					(*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] =
-							ruleChars.chars[(*table)->seqAfterExpressionLength];
-				(*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] = 0;
+				if ((ruleChars.length + 1) > SEQPATTERNSIZE) {
+					compileError(nested, "More than %d characters", SEQPATTERNSIZE);
+					return 0;
+				}
+				for (int k = 0; k < ruleChars.length; k++)
+					(*table)->seqAfterExpression[k] = ruleChars.chars[k];
+				(*table)->seqAfterExpression[ruleChars.length] = 0;
+				(*table)->seqAfterExpressionLength = ruleChars.length;
 			}
 			break;

Places

File liblouis-CVE-2022-31783.patch of Package liblouis.28479

Places