| From fe1531243697fa29b8759619df0ece9b5602600a Mon Sep 17 00:00:00 2001 |
| From: Vaibhav Rustagi <vaibhavrustagi@google.com> |
| Date: Mon, 9 Aug 2021 18:22:22 -0700 |
| Subject: [PATCH] Add changes from ncurses 6.1 - patch 20191012. |
| |
| All versions of ncurses before v6.1-20191012 has a heap-based buffer |
| over read issue in tinfo/comp_hash.c |
| Cherry-pick the patches that resolves the problem. |
| |
| Upstream commit: |
| https://github.com/mirror/ncurses/commit/b025434573f466efe27862656a6a9d41dd2bd609#diff-332a9bbcab0d88d14108d736ca0c9aa621758305ad3de6d36e86d44814f4270f |
| --- |
| ncurses/tinfo/comp_hash.c | 8 ++++++-- |
| 1 file changed, 6 insertions(+), 2 deletions(-) |
| |
| diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c |
| index 959c6e15..361669ea 100644 |
| --- a/ncurses/tinfo/comp_hash.c |
| +++ b/ncurses/tinfo/comp_hash.c |
| @@ -63,7 +63,9 @@ _nc_find_entry(const char *string, |
| |
| hashvalue = data->hash_of(string); |
| |
| - if (data->table_data[hashvalue] >= 0) { |
| + if (hashvalue >= 0 |
| + && (unsigned) hashvalue < data->table_size |
| + && data->table_data[hashvalue] >= 0) { |
| |
| real_table = _nc_get_table(termcap); |
| ptr = real_table + data->table_data[hashvalue]; |
| @@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string, |
| const HashData *data = _nc_get_hash_info(termcap); |
| int hashvalue = data->hash_of(string); |
| |
| - if (data->table_data[hashvalue] >= 0) { |
| + if (hashvalue >= 0 |
| + && (unsigned) hashvalue < data->table_size |
| + && data->table_data[hashvalue] >= 0) { |
| const struct name_table_entry *const table = _nc_get_table(termcap); |
| |
| ptr = table + data->table_data[hashvalue]; |
| -- |
| 2.32.0.605.g8dce9f2422-goog |
| |
