File liblouis-CVE-2022-31783.patch of Package liblouis.24590

Overview Repositories Revisions Requests Users Attributes Meta

File liblouis-CVE-2022-31783.patch of Package liblouis.24590

From 2e4772befb2b1c37cb4b9d6572945115ee28630a Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Wed, 25 May 2022 18:08:36 +0200
Subject: [PATCH] Prevent an invalid memory writes in compileRule

Thanks to Han Zheng for reporting it

Fixes #1214
---
diff -urp liblouis-3.3.0.orig/liblouis/compileTranslationTable.c liblouis-3.3.0/liblouis/compileTranslationTable.c
--- liblouis-3.3.0.orig/liblouis/compileTranslationTable.c	2022-06-03 16:34:05.029020187 -0500
+++ liblouis-3.3.0/liblouis/compileTranslationTable.c	2022-06-06 11:12:45.025124772 -0500
@@ -4620,9 +4620,14 @@ doOpcode:
 
       if (getRuleCharsText(nested, &ruleChars, &lastToken))
 	{
-	  for(table->seqAfterExpressionLength = 0; table->seqAfterExpressionLength < ruleChars.length; table->seqAfterExpressionLength++)
-	    table->seqAfterExpression[table->seqAfterExpressionLength] = ruleChars.chars[table->seqAfterExpressionLength];
-	  table->seqAfterExpression[table->seqAfterExpressionLength] = 0;
+				if ((ruleChars.length + 1) > SEQPATTERNSIZE) {
+					compileError(nested, "More than %d characters", SEQPATTERNSIZE);
+					return 0;
+				}
+				for (int k = 0; k < ruleChars.length; k++)
+					table->seqAfterExpression[k] = ruleChars.chars[k];
+				table->seqAfterExpression[ruleChars.length] = 0;
+				table->seqAfterExpressionLength = ruleChars.length;
 	}
       break;

Places

File liblouis-CVE-2022-31783.patch of Package liblouis.24590

Places