Skip to content

Commit

Permalink
Fix a buffer overflow (#311)
Browse files Browse the repository at this point in the history
It happens if raw_str_used underflows and ends up a very large number,
which is then used as the size of a string.

Closes #285.
  • Loading branch information
gaborcsardi authored Feb 17, 2024
1 parent 38d4418 commit c7baae7
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/spss/readstat_sav_read.c
Original file line number Diff line number Diff line change
Expand Up @@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len
}
if (++offset == col_info->width) {
if (++segment_offset < var_info->n_segments) {
raw_str_used--;
if (raw_str_used > 0) raw_str_used--;
}
offset = 0;
col++;
Expand Down

0 comments on commit c7baae7

Please sign in to comment.