OVERRUN_STATIC in /inkbugs/inkscape/src/dom/util/ziptool.cpp
Bug #613729 reported by
Vaughn Spurlin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Inkscape |
Fix Released
|
Low
|
Unassigned | ||
0.92.x |
Fix Released
|
Low
|
Qantas94Heavy |
Bug Description
OVERRUN_STATIC in /inkbugs/
In Deflater:
Out-of-bounds read from an array (CWE-125).
1180 DistBase distBases[] =
1181 {
1182 { 1, 1, 0 },
...
1211 { 24577, 8192, 13 }
1212 };
...
1226 for (int i=0 ; i<30 ; i++)
1227 {
Overrunning static array "lenBases", with 29 elements, at position 29 with index variable "i".
1228 unsigned int base = lenBases[i].base;
Changed in inkscape: | |
status: | New → Confirmed |
Changed in inkscape: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
fix suggestion 2010-07-25:
1212.1 const int distBasesLen = sizeof(distBases) / sizeof(DistBase);
...
1226 for (int i=0 ; i<distBasesLen ; i++)
fix reason:
Avoid hardcoded number by defining a constant that the compiler can calculate.