Skip to content

Commit

Permalink
Fix a buffer overflow
Browse files Browse the repository at this point in the history
It happens if raw_str_used underflows and ends up a very large number,
which is then used as the size of a string.

Closes #285.
  • Loading branch information
gaborcsardi committed Feb 9, 2024
1 parent 4926250 commit d9b3c92
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/spss/readstat_sav_read.c
Original file line number Diff line number Diff line change
Expand Up @@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len
}
if (++offset == col_info->width) {
if (++segment_offset < var_info->n_segments) {
raw_str_used--;
if (raw_str_used > 0) raw_str_used--;
}
offset = 0;
col++;
Expand Down

0 comments on commit d9b3c92

Please sign in to comment.