Avoid reading past the end of buffer | |
CVE-2018-10360 | |
https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22 | |
--- a/src/readelf.c | |
+++ b/src/readelf.c | |
@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, | |
cname = (unsigned char *) | |
&nbuf[doff + prpsoffsets(i)]; | |
- for (cp = cname; *cp && isprint(*cp); cp++) | |
+ for (cp = cname; cp < nbuf + size && *cp | |
+ && isprint(*cp); cp++) | |
continue; | |
/* | |
* Linux apparently appends a space at the end |