Simple bounds checks for CVE-2023-40890
--- a/zbar/decoder/databar.c
+++ b/zbar/decoder/databar.c
@@ -23,6 +23,8 @@
#include <config.h>
#include <zbar.h>
+#include <stdlib.h>
+#include <stdio.h>
#ifdef DEBUG_DATABAR
# define DEBUG_LEVEL (DEBUG_DATABAR)
@@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg,
fixed = -1;
s <<= 1;
dbprintf(2, "%x", s);
+
+ if (i > 20) {
+ fprintf(stderr, "Bug: Out-of-bounds condition detected\n");
+ exit(99);
+ }
+
seq[i++] = s++;
seq[i++] = s;
}
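Review bot: The added guard at `if (i > 20)` ends the whole process with `exit(99)` from inside a decoder library, so any application that scans an untrusted image trades the out-of-bounds write for a forced termination of the host process. A malformed segment is better rejected as an ordinary decode failure, for example `if (i > 20) return -1;`, with the caller discarding the segment on a negative result; the return convention of lookup_sequence is not visible in this hunk, so confirm what callers expect before adopting that value. The literal 20 is only correct if `seq` holds 22 elements, since each pass stores two entries, so deriving the limit from the array's declared length would keep the check from drifting. The function starts and ends outside the hunk, so whether stores after the loop are also bounded cannot be judged from here.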