GNOME.org
 

[evolution-data-server/gnome-3-36] I#210 - Global buffer overflow in e_contact_check_attr_type_value_used()

commit 0bc6f94796f2b107bae90a0581df16c1f1149e9c
Author: Milan Crha <mcrha redhat com>
Date:   Mon May 4 12:57:22 2020 +0200

    I#210 - Global buffer overflow in e_contact_check_attr_type_value_used()
    
    Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/210

 src/addressbook/libebook-contacts/e-contact.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
---
diff --git a/src/addressbook/libebook-contacts/e-contact.c b/src/addressbook/libebook-contacts/e-contact.c
index 5b00d1b17..92b8822a5 100644
--- a/src/addressbook/libebook-contacts/e-contact.c
+++ b/src/addressbook/libebook-contacts/e-contact.c
@@ -405,8 +405,12 @@ e_contact_check_attr_type_value_used (const AttrTypeValue *attr_type_values,
                if (skip) {
                        pos = 0;
 
-                       while (attr_type_values->type_values[ii] && attr_type_values->type_values[ii] != ';')
+                       while (attr_type_values->type_values[ii] && attr_type_values->type_values[ii] != ';') 
{
+                               /* To avoid buffer overflow, where the 'for' itself also ii++ */
+                               if (!attr_type_values->type_values[ii + 1])
+                                       break;
                                ii++;
+                       }
                }
        }
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]