mirror of
https://github.com/radareorg/radare2.git
synced 2024-11-24 13:49:50 +00:00
patch #14211 heap buffer overflow in large ragg2
inputs. this should be refactored to use an RBuffer to enable dynamic resizing, but for now just patching it to bail out if we are about to overwrite the allocated statically sized buffer
This commit is contained in:
Lowly Worm
parent
bae1ad061f
commit
e710401ebb
@ -343,6 +343,10 @@ R_API int r_egg_compile(REgg *egg) {
|
||||
r_egg_lang_init (egg);
|
||||
for (; b; ) {
|
||||
r_egg_lang_parsechar (egg, b);
|
||||
if (egg->lang.elem_n >= sizeof (egg->lang.elem)) {
|
||||
eprintf ("ERROR: elem too large.\n");
|
||||
break;
|
||||
}
|
||||
int r = r_buf_read (egg->src, (ut8 *)&b, sizeof (b));
|
||||
if (r != sizeof (b)) {
|
||||
break;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user