/hg/release/icedtea-web-1.1: Fixes PR1106, buffer overflow in pl...

adomurad at icedtea.classpath.org
Tue Aug 7 07:47:27 PDT 2012


changeset 90bd44b2f469 in /hg/release/icedtea-web-1.1
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.1?cmd=changeset;node=90bd44b2f469
author: Adam Domurad <adomurad at redhat.com>
date: Tue Aug 07 10:47:17 2012 -0400

	Fixes PR1106, buffer overflow in plugin table


diffstat:

 NEWS                                |  1 +
 plugin/icedteanp/IcedTeaNPPlugin.cc |  7 ++++++-
 2 files changed, 7 insertions(+), 1 deletions(-)

diffs (29 lines):

diff -r 4874bb69ef2d -r 90bd44b2f469 NEWS
--- a/NEWS	Thu Aug 02 09:17:21 2012 -0400
+++ b/NEWS	Tue Aug 07 10:47:17 2012 -0400
@@ -17,6 +17,7 @@
 * Plugin
   - PR863: Error passing strings to applet methods in Chromium
   - PR518: NPString.utf8characters not guaranteed to be nul-terminated
+  - PR1106: Buffer overflow in plugin table
 
 New in release 1.1.5 (2012-03-05):
 * Plugin
diff -r 4874bb69ef2d -r 90bd44b2f469 plugin/icedteanp/IcedTeaNPPlugin.cc
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Thu Aug 02 09:17:21 2012 -0400
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Aug 07 10:47:17 2012 -0400
@@ -2024,8 +2024,13 @@
 
   //Ensure any unused fields are NULL
   memset(&browser_functions, 0, sizeof(NPNetscapeFuncs));
+
+  //browserTable->size can be larger than sizeof(NPNetscapeFuncs) (PR1106)
+  size_t copySize = browserTable->size < sizeof(NPNetscapeFuncs) ?
+                    browserTable->size : sizeof(NPNetscapeFuncs);
+
   //Copy fields according to given size
-  memcpy(&browser_functions, browserTable, browserTable->size);
+  memcpy(&browser_functions, browserTable, copySize);
 
   return true;
 }
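
Review bot: the clamp in the new copySize lines bounds the copy from above only, and two loose ends remain around the memcpy. First, the copy starts at the beginning of browserTable, so the stored browser_functions keeps the browser-reported size member; when that value is larger than sizeof(NPNetscapeFuncs), any later code that trusts browser_functions.size sees a length the local struct does not have. Consider overwriting it with copySize after the memcpy. Second, there is no lower bound: a table whose size is smaller than the fields the plugin goes on to use leaves those pointers NULL from the memset above, so either reject a table that is too short here or make sure every call site checks for NULL before calling through browser_functions. A short comment stating which of these the function guarantees would help the next reader.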


