patch 9.0.1847: [security] potential oob write in do_addsub()
Problem: potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/ops.c b/src/ops.c
index d46a049..f4524d3 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -2919,7 +2919,7 @@
for (bit = bits; bit > 0; bit--)
if ((n >> (bit - 1)) & 0x1) break;
- for (i = 0; bit > 0; bit--)
+ for (i = 0; bit > 0 && i < (NUMBUFLEN - 1); bit--)
buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0';
buf2[i] = '\0';
diff --git a/src/version.c b/src/version.c
index 5cde7c1..c638a10 100644
--- a/src/version.c
+++ b/src/version.c
@@ -700,6 +700,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1847,
+/**/
1846,
/**/
1845,