Apply Patch #119 -
"Fix buffer overflow in src/xspice/icm/digital/d_state/cfunc.mod". The change is not identical to the supplied patch. It was slightly modified to make the original code more sane. Found and patched by Artem Sinkevich.
This commit is contained in:
parent
abc3fceb7e
commit
5980869040
|
|
@ -1365,14 +1365,15 @@ static int cm_read_state_file(FILE *state_file, State_Table_t *table)
|
||||||
}
|
}
|
||||||
|
|
||||||
i = 0;
|
i = 0;
|
||||||
s = temp;
|
while (fgets(temp, MAX_STRING_SIZE, state_file) != NULL) {
|
||||||
while ( fgets(s,MAX_STRING_SIZE,state_file) != NULL) {
|
|
||||||
/* Test this string to see if it is whitespace... */
|
/* Test this string to see if it is whitespace... */
|
||||||
|
|
||||||
|
s = temp;
|
||||||
base_address = s;
|
base_address = s;
|
||||||
while(isspace_c(*s) || (*s == '*'))
|
while(isspace_c(*s) || (*s == '*'))
|
||||||
(s)++;
|
(s)++;
|
||||||
if ( *s != '\0' ) { /* This is not a blank line, so process... */
|
if ( *s != '\0' ) {
|
||||||
|
/* This is not a blank line, so process... */
|
||||||
s = base_address;
|
s = base_address;
|
||||||
|
|
||||||
if ( '*' != s[0] ) {
|
if ( '*' != s[0] ) {
|
||||||
|
|
@ -1571,7 +1572,6 @@ static int cm_read_state_file(FILE *state_file, State_Table_t *table)
|
||||||
}
|
}
|
||||||
i++;
|
i++;
|
||||||
}
|
}
|
||||||
s = temp;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue