[gnome-software/gnome-3-26] steam: Fix an out of bounds read
- From: Kalev Lember <klember src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-software/gnome-3-26] steam: Fix an out of bounds read
- Date: Thu, 8 Feb 2018 11:51:28 +0000 (UTC)
commit 9c6f37adf55bfb79762b1de19914a127b6cd9f71
Author: Kalev Lember <klember redhat com>
Date: Tue Jan 9 21:53:13 2018 +0100
steam: Fix an out of bounds read
Avoid using "data_len - 9" as that can result in wraparound as data_len
is an unsigned integer.
This fixes a crash when appinfo.vdf is a zero length file.
https://bugzilla.redhat.com/show_bug.cgi?id=1493414
plugins/steam/gs-plugin-steam.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/plugins/steam/gs-plugin-steam.c b/plugins/steam/gs-plugin-steam.c
index b50089ba..02e6fd1b 100644
--- a/plugins/steam/gs-plugin-steam.c
+++ b/plugins/steam/gs-plugin-steam.c
@@ -109,7 +109,7 @@ static void
gs_plugin_steam_find_next_sync_point (guint8 *data, gsize data_len, guint *idx)
{
guint i;
- for (i = *idx; i < data_len - 9; i++) {
+ for (i = *idx; i + 9 < data_len; i++) {
if (memcmp (&data[i], "\0\x02\0common\0", 8) == 0) {
*idx = i - 1;
return;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]