[evolution-data-server] I#210 - Global buffer overflow in e_contact_check_attr_type_value_used()

From: Milan Crha <mcrha src gnome org>
To: commits-list gnome org
Cc:
Subject: [evolution-data-server] I#210 - Global buffer overflow in e_contact_check_attr_type_value_used()
Date: Mon, 4 May 2020 10:55:18 +0000 (UTC)

commit fc756026a359590071839ec16fbaa2a117d6a62d
Author: Milan Crha <mcrha redhat com>
Date:   Mon May 4 12:57:22 2020 +0200

    I#210 - Global buffer overflow in e_contact_check_attr_type_value_used()
    
    Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/210

 src/addressbook/libebook-contacts/e-contact.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
---
diff --git a/src/addressbook/libebook-contacts/e-contact.c b/src/addressbook/libebook-contacts/e-contact.c
index 5b00d1b17..92b8822a5 100644
--- a/src/addressbook/libebook-contacts/e-contact.c
+++ b/src/addressbook/libebook-contacts/e-contact.c
@@ -405,8 +405,12 @@ e_contact_check_attr_type_value_used (const AttrTypeValue *attr_type_values,
                if (skip) {
                        pos = 0;
 
-                       while (attr_type_values->type_values[ii] && attr_type_values->type_values[ii] != ';')
+                       while (attr_type_values->type_values[ii] && attr_type_values->type_values[ii] != ';') 
{
+                               /* To avoid buffer overflow, where the 'for' itself also ii++ */
+                               if (!attr_type_values->type_values[ii + 1])
+                                       break;
                                ii++;
+                       }
                }
        }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]