From 492f2ea1326d7825943f48aff31ed0ddc89fd2b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 4 Jul 2012 17:04:44 +0200
Subject: [PATCH] Fix off-by-one error when copying RTF header
The RTF header (RTF_PREBUF) string is copied to temporary buffer. The
terminating '\0' is never accessed, so it's not needed and cannot be
written after the allocated buffer.
<http://sourceforge.net/tracker/?func=detail&aid=2949686&group_id=70352&atid=527487>
<https://bugzilla.redhat.com/show_bug.cgi?id=831322>
---
ytnef.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ytnef.c b/ytnef.c
index 482ecdc..970c048 100644
--- a/ytnef.c
+++ b/ytnef.c
@@ -1328,7 +1328,7 @@ unsigned char *DecompressRTF(variableLength *p, int *size) {
comp_Prebuf.size = strlen(RTF_PREBUF);
comp_Prebuf.data = calloc(comp_Prebuf.size, 1);
- strcpy(comp_Prebuf.data, RTF_PREBUF);
+ memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size);
src = p->data;
in = 0;
--
1.7.7.6
distrib
>
Mageia
>
3
>
i586
>
media
>
core-release-src
>
by-pkgid
>
83ac7771f4597d269ce389970054de9f
>
files
>
2
