[PATCH] fix overflow on script_dec (#2052)

author Aurelien David <aurelien.david@telecom-paristech.fr>

Mon, 17 Jan 2022 14:35:59 +0000 (15:35 +0100)

committer Aron Xu <aron@debian.org>

Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)
author Aurelien David <aurelien.david@telecom-paristech.fr>
Mon, 17 Jan 2022 14:35:59 +0000 (15:35 +0100)
committer Aron Xu <aron@debian.org>
Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)
diff --git a/src/bifs/script_dec.c b/src/bifs/script_dec.c

index cc6794aad3553cb9df62ca6d9a889e3260860522..fe0fd087baa1e279a08345fc84e643d5ed819023 100644 (file)
--- a/src/bifs/script_dec.c
+++ b/src/bifs/script_dec.c
@@ -73,13 +73,13 @@ static void SFS_AddString(ScriptParser *parser, char *str)
         char *new_str;
         if (!str) return;
         if (strlen(parser->string) + strlen(str) >= parser->length) {
-               parser->length += PARSER_STEP_ALLOC;
+               parser->length = strlen(parser->string) + strlen(str) + PARSER_STEP_ALLOC;
                 new_str = (char *)gf_malloc(sizeof(char)*parser->length);
                 strcpy(new_str, parser->string);
                 gf_free(parser->string);
                 parser->string = new_str;
         }
-       strcat(parser->string, str);
+       strncat(parser->string, str, parser->length - strlen(parser->string) - 1);
  }
  
  static void SFS_AddInt(ScriptParser *parser, s32 val)
author	Aurelien David <aurelien.david@telecom-paristech.fr>
	Mon, 17 Jan 2022 14:35:59 +0000 (15:35 +0100)
committer	Aron Xu <aron@debian.org>
	Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)