Mageia Bugzilla – Attachment 2876 Details for
Bug 7596
Java on webpages causes iceape to crash with a buffer overflow.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
[patch]
fix for the buffer overflow
icedtea-web-1.1.6-buffer-overflow.patch (text/plain), 709 bytes, created by
Christiaan Welvaart
on 2012-09-30 17:12:37 CEST
(
hide
)
Description:
fix for the buffer overflow
Filename:
MIME Type:
Creator:
Christiaan Welvaart
Created:
2012-09-30 17:12:37 CEST
Size:
709 bytes
patch
obsolete
>--- icedtea-web-1.1.6/plugin/icedteanp/IcedTeaNPPlugin.cc.bufferoverflow 2012-09-28 03:51:17.512427024 +0200 >+++ icedtea-web-1.1.6/plugin/icedteanp/IcedTeaNPPlugin.cc 2012-09-28 03:52:01.753430396 +0200 >@@ -2027,8 +2027,16 @@ > > //Ensure any unused fields are NULL > memset(&browser_functions, 0, sizeof(NPNetscapeFuncs)); >+ >+ //Do not copy more than what fits in our browser_functions >+ usedSize = browserTable->size; >+ if (usedSize > sizeof(browser_functions)) >+ { >+ usedSize = sizeof(browser_functions); >+ } >+ > //Copy fields according to given size >- memcpy(&browser_functions, browserTable, browserTable->size); >+ memcpy(&browser_functions, browserTable, usedSize); > > return true; > }
--- icedtea-web-1.1.6/plugin/icedteanp/IcedTeaNPPlugin.cc.bufferoverflow 2012-09-28 03:51:17.512427024 +0200 +++ icedtea-web-1.1.6/plugin/icedteanp/IcedTeaNPPlugin.cc 2012-09-28 03:52:01.753430396 +0200 @@ -2027,8 +2027,16 @@ //Ensure any unused fields are NULL memset(&browser_functions, 0, sizeof(NPNetscapeFuncs)); + + //Do not copy more than what fits in our browser_functions + usedSize = browserTable->size; + if (usedSize > sizeof(browser_functions)) + { + usedSize = sizeof(browser_functions); + } + //Copy fields according to given size - memcpy(&browser_functions, browserTable, browserTable->size); + memcpy(&browser_functions, browserTable, usedSize); return true; }
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 7596
: 2876