From 5bc794b5aec343f4888ef032f8ee1ed3a8c65493 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Mon, 21 Feb 2022 20:51:35 -0600 Subject: [PATCH] Security: Invalid read when using -bB. The incorrect variable is being used when performing the size check. This resulted in the wrong calculation and the subsequent invalid read. --- level_3/utf8/c/private-utf8.c | 4 ++-- level_3/utf8/c/private-utf8_binary.c | 1 + level_3/utf8/c/utf8.c | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/level_3/utf8/c/private-utf8.c b/level_3/utf8/c/private-utf8.c index 6d700ac..2f58847 100644 --- a/level_3/utf8/c/private-utf8.c +++ b/level_3/utf8/c/private-utf8.c @@ -124,7 +124,7 @@ extern "C" { if (text->size == 1) { text->used = text->string[0] ? 1 : 0; } - else if (text->used == 2) { + else if (text->size == 2) { if (!text->string[0]) { text->used = 1; } @@ -132,7 +132,7 @@ extern "C" { text->used = text->string[1] ? 2 : 1; } } - else if (text->used == 3) { + else if (text->size == 3) { if (!text->string[0]) { text->used = 1; } diff --git a/level_3/utf8/c/private-utf8_binary.c b/level_3/utf8/c/private-utf8_binary.c index 217bf5c..5a09803 100644 --- a/level_3/utf8/c/private-utf8_binary.c +++ b/level_3/utf8/c/private-utf8_binary.c @@ -88,6 +88,7 @@ extern "C" { utf8_print_signal_received(data, status); status = F_signal; + break; } } diff --git a/level_3/utf8/c/utf8.c b/level_3/utf8/c/utf8.c index e4f7650..34d3b71 100644 --- a/level_3/utf8/c/utf8.c +++ b/level_3/utf8/c/utf8.c @@ -411,6 +411,7 @@ extern "C" { if (!((++signal_check) % utf8_signal_check_d)) { if (utf8_signal_received(&data)) { status = F_status_set_error(F_signal); + break; } -- 1.8.3.1