Security: Invalid read when using -bB.

The incorrect variable is being used when performing the size check.
This resulted in the wrong calculation and the subsequent invalid read.

diff --git a/level_3/utf8/c/private-utf8.c b/level_3/utf8/c/private-utf8.c
index 6d700ac356cf8dfffb99013af7569fdae91cbabf..2f588472b3aebed6d3244f3603425115f900d0e0 100644 (file)
--- a/level_3/utf8/c/private-utf8.c
+++ b/level_3/utf8/c/private-utf8.c
@@ -124,7 +124,7 @@ extern "C" {
     if (text->size == 1) {
       text->used = text->string[0] ? 1 : 0;
     }
-    else if (text->used == 2) {
+    else if (text->size == 2) {
       if (!text->string[0]) {
         text->used = 1;
       }
@@ -132,7 +132,7 @@ extern "C" {
         text->used = text->string[1] ? 2 : 1;
       }
     }
-    else if (text->used == 3) {
+    else if (text->size == 3) {
       if (!text->string[0]) {
         text->used = 1;
       }

diff --git a/level_3/utf8/c/private-utf8_binary.c b/level_3/utf8/c/private-utf8_binary.c
index 217bf5c3fb22a3ebe28795ecc509ccade8c5ae79..5a0980355fbfb231a71f6959d06f0164c195fcab 100644 (file)
--- a/level_3/utf8/c/private-utf8_binary.c
+++ b/level_3/utf8/c/private-utf8_binary.c
@@ -88,6 +88,7 @@ extern "C" {
             utf8_print_signal_received(data, status);
 
             status = F_signal;
+
             break;
           }
         }

diff --git a/level_3/utf8/c/utf8.c b/level_3/utf8/c/utf8.c
index e4f7650d549d99b1b1a8cc21f9cf8ebd6af6c1ab..34d3b714337e8fc12bd5983e7f6549b81720aeed 100644 (file)
--- a/level_3/utf8/c/utf8.c
+++ b/level_3/utf8/c/utf8.c
@@ -411,6 +411,7 @@ extern "C" {
           if (!((++signal_check) % utf8_signal_check_d)) {
             if (utf8_signal_received(&data)) {
               status = F_status_set_error(F_signal);
+
               break;
             }