blob: ba81c1fd7378f91f45a25b4cf0a1bc3981103958 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Author: Antonio Diaz-Diaz <antonio@gnu.org>
Description: zcat.cc: Fixed a buffer overrun on outbuf when '-v' is used [CVE-2018-1000637] (Closes: #902936).
diff -Naurp zutils/zcat.cc zutils/zcat.cc
--- zutils/zcat.cc
+++ zutils/zcat.cc
@@ -232,8 +232,9 @@ int cat( int infd, const int format_inde
enum { buffer_size = 4096 };
// buffer with space for sentinel newline at the end
uint8_t * const inbuf = new uint8_t[buffer_size+1];
- // buffer with space for character quoting and 255-digit line number
- uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256];
+ // buffer with space for character quoting, 255-digit line number and
+ // worst case flushing respect to inbuf.
+ uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256];
int retval = 0;
Children children;
if( !set_data_feeder( input_filename, &infd, children, format_index ) )
|
