OVERRUN_STATIC in /inkbugs/inkscape/src/dom/util/ziptool.cpp
Bug #613729 reported by
Vaughn Spurlin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Inkscape |
Fix Released
|
Low
|
Unassigned | ||
| 0.92.x |
Fix Released
|
Low
|
Qantas94Heavy | ||
Bug Description
OVERRUN_STATIC in /inkbugs/
In Deflater:
Out-of-bounds read from an array (CWE-125).
1180 DistBase distBases[] =
1181 {
1182 { 1, 1, 0 },
...
1211 { 24577, 8192, 13 }
1212 };
...
1226 for (int i=0 ; i<30 ; i++)
1227 {
Overrunning static array "lenBases", with 29 elements, at position 29 with index variable "i".
1228 unsigned int base = lenBases[i].base;
Revision history for this message
| Vaughn Spurlin (vspurlin) wrote | #1 |
Revision history for this message
| Jon A. Cruz (jon-joncruz) wrote | #2 |
| Changed in inkscape: | |
| status: | New → Confirmed |
Revision history for this message
| Qantas94Heavy (qantas94heavy) wrote | #3 |
| Changed in inkscape: | |
| milestone: | none → 1.0 |
| status: | Confirmed → In Progress |
| status: | In Progress → Fix Committed |
Revision history for this message
| Qantas94Heavy (qantas94heavy) wrote | #4 |
| Changed in inkscape: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
fix suggestion 2010-07-25:
1212.1 const int distBasesLen = sizeof(distBases) / sizeof(DistBase);
...
1226 for (int i=0 ; i<distBasesLen ; i++)
fix reason:
Avoid hardcoded number by defining a constant that the compiler can calculate.