File liblouis-CVE-2022-31783.patch of Package liblouis.33555

Overview Repositories Revisions Requests Users Attributes Meta

File liblouis-CVE-2022-31783.patch of Package liblouis.33555

From 2e4772befb2b1c37cb4b9d6572945115ee28630a Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Wed, 25 May 2022 18:08:36 +0200
Subject: [PATCH] Prevent an invalid memory writes in compileRule

Thanks to Han Zheng for reporting it

Fixes #1214
---
 liblouis/compileTranslationTable.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
index 482ff1a6..43785245 100644
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -3821,12 +3821,14 @@ doOpcode:
 
 		case CTO_SeqAfterExpression:
 			if (!getRuleCharsText(file, &ruleChars)) return 0;
-			for ((*table)->seqAfterExpressionLength = 0;
-					(*table)->seqAfterExpressionLength < ruleChars.length;
-					(*table)->seqAfterExpressionLength++)
-				(*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] =
-						ruleChars.chars[(*table)->seqAfterExpressionLength];
-			(*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] = 0;
+			if ((ruleChars.length + 1) > SEQPATTERNSIZE) {
+				compileError(file, "More than %d characters", SEQPATTERNSIZE);
+				return 0;
+			}
+			for (int k = 0; k < ruleChars.length; k++)
+				(*table)->seqAfterExpression[k] = ruleChars.chars[k];
+			(*table)->seqAfterExpression[ruleChars.length] = 0;
+			(*table)->seqAfterExpressionLength = ruleChars.length;
 			return 1;
 
 		case CTO_CapsModeChars:
-- 
2.36.1

Places

File liblouis-CVE-2022-31783.patch of Package liblouis.33555

Places