changeset 308:90bd44b2f469

Fixes PR1106, buffer overflow in plugin table
author Adam Domurad <adomurad@redhat.com>
date Tue, 07 Aug 2012 10:47:17 -0400
parents 4874bb69ef2d
children b7d63cc06ec4
files NEWS plugin/icedteanp/IcedTeaNPPlugin.cc
diffstat 2 files changed, 7 insertions(+), 1 deletions(-) [+]
--- a/NEWS	Thu Aug 02 09:17:21 2012 -0400
+++ b/NEWS	Tue Aug 07 10:47:17 2012 -0400
@@ -17,6 +17,7 @@
 * Plugin
   - PR863: Error passing strings to applet methods in Chromium
   - PR518: NPString.utf8characters not guaranteed to be nul-terminated
+  - PR1106: Buffer overflow in plugin table
 
 New in release 1.1.5 (2012-03-05):
 * Plugin
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc	Thu Aug 02 09:17:21 2012 -0400
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc	Tue Aug 07 10:47:17 2012 -0400
@@ -2024,8 +2024,13 @@
 
   //Ensure any unused fields are NULL
   memset(&browser_functions, 0, sizeof(NPNetscapeFuncs));
+
+  //browserTable->size can be larger than sizeof(NPNetscapeFuncs) (PR1106)
+  size_t copySize = browserTable->size < sizeof(NPNetscapeFuncs) ?
+                    browserTable->size : sizeof(NPNetscapeFuncs);
+
   //Copy fields according to given size
-  memcpy(&browser_functions, browserTable, browserTable->size);
+  memcpy(&browser_functions, browserTable, copySize);
 
   return true;
 }
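Review bot: After the clamped `memcpy`, `browser_functions.size` still holds whatever the browser advertised, because the size member is copied along with the rest of the table. If the browser's table is larger than ours, the local copy then claims more bytes than `sizeof(NPNetscapeFuncs)`, and any later code that trusts that field as a bound would read past the struct. Adding `browser_functions.size = copySize;` right after the copy keeps the stored size consistent with what was copied; this assumes `size` is a plain integer member of `NPNetscapeFuncs`, as the `browserTable->size` access suggests. The opposite case, a table smaller than ours, leaves the trailing function pointers NULL from the `memset`, so callers need a NULL check before using them; whether they have one cannot be seen here, since the enclosing function starts outside the hunk.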