Mercurial > hg > release > icedtea-web-1.1
changeset 308:90bd44b2f469
Fixes PR1106, buffer overflow in plugin table
author | Adam Domurad <adomurad@redhat.com> |
---|---|
date | Tue, 07 Aug 2012 10:47:17 -0400 |
parents | 4874bb69ef2d |
children | b7d63cc06ec4 |
files | NEWS plugin/icedteanp/IcedTeaNPPlugin.cc |
diffstat | 2 files changed, 7 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/NEWS Thu Aug 02 09:17:21 2012 -0400 +++ b/NEWS Tue Aug 07 10:47:17 2012 -0400 @@ -17,6 +17,7 @@ * Plugin - PR863: Error passing strings to applet methods in Chromium - PR518: NPString.utf8characters not guaranteed to be nul-terminated + - PR1106: Buffer overflow in plugin table New in release 1.1.5 (2012-03-05): * Plugin
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc Thu Aug 02 09:17:21 2012 -0400 +++ b/plugin/icedteanp/IcedTeaNPPlugin.cc Tue Aug 07 10:47:17 2012 -0400 @@ -2024,8 +2024,13 @@ //Ensure any unused fields are NULL memset(&browser_functions, 0, sizeof(NPNetscapeFuncs)); + + //browserTable->size can be larger than sizeof(NPNetscapeFuncs) (PR1106) + size_t copySize = browserTable->size < sizeof(NPNetscapeFuncs) ? + browserTable->size : sizeof(NPNetscapeFuncs); + //Copy fields according to given size - memcpy(&browser_functions, browserTable, browserTable->size); + memcpy(&browser_functions, browserTable, copySize); return true; }