40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From 2e4772befb2b1c37cb4b9d6572945115ee28630a Mon Sep 17 00:00:00 2001
|
|
From: Christian Egli <christian.egli@sbs.ch>
|
|
Date: Wed, 25 May 2022 18:08:36 +0200
|
|
Subject: [PATCH] Prevent an invalid memory writes in compileRule
|
|
|
|
Origin: https://github.com/liblouis/liblouis/commit/2e4772b
|
|
|
|
---
|
|
liblouis/compileTranslationTable.c | 14 ++++++++------
|
|
1 file changed, 8 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
|
|
index a2ba81e..50b86a9 100644
|
|
--- a/liblouis/compileTranslationTable.c
|
|
+++ b/liblouis/compileTranslationTable.c
|
|
@@ -3244,12 +3244,14 @@ doOpcode:
|
|
case CTO_SeqAfterExpression:
|
|
|
|
if (getRuleCharsText(nested, &ruleChars, &lastToken)) {
|
|
- for ((*table)->seqAfterExpressionLength = 0;
|
|
- (*table)->seqAfterExpressionLength < ruleChars.length;
|
|
- (*table)->seqAfterExpressionLength++)
|
|
- (*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] =
|
|
- ruleChars.chars[(*table)->seqAfterExpressionLength];
|
|
- (*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] = 0;
|
|
+ if ((ruleChars.length + 1) > SEQPATTERNSIZE) {
|
|
+ compileError(nested, "More than %d characters", SEQPATTERNSIZE);
|
|
+ return 0;
|
|
+ }
|
|
+ for (int k = 0; k < ruleChars.length; k++)
|
|
+ (*table)->seqAfterExpression[k] = ruleChars.chars[k];
|
|
+ (*table)->seqAfterExpression[ruleChars.length] = 0;
|
|
+ (*table)->seqAfterExpressionLength = ruleChars.length;
|
|
}
|
|
break;
|
|
|
|
--
|
|
2.33.0
|
|
|