Commit a24f115

[Valgrind] Fix buffer overflow in stack header reading
The `tnewheader` buffer is eventually passed to `strlen()`. This was causing a buffer overrun because the buffer was not nul-terminated. (imported from commit 505ff33)
1 parent ef89e27 commit a24f115

1 file changed

Lines changed: 2 additions & 1 deletion

engine/src/dispatch.cpp

@@ -417,9 +417,10 @@ Boolean MCDispatch::openenv(MCStringRef sname, MCStringRef env,
417417

418418
IO_stat readheader(IO_handle& stream, uint32_t& r_version)
419419
{
420-
char tnewheader[kMCStackFileVersionStringLength];
420+
char tnewheader[kMCStackFileVersionStringLength + 1];
421421
if (IO_read(tnewheader, kMCStackFileVersionStringLength, stream) != IO_NORMAL)
422422
return IO_ERROR;
423+
tnewheader[kMCStackFileVersionStringLength] = '\0'; /* nul-terminate */
423424

424425
// AL-2014-10-27: [[ Bug 12558 ]] Check for valid header prefix
425426
if (!MCStackFileParseVersionNumber(tnewheader, r_version))
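
Review bot: At the `MCStackFileParseVersionNumber(tnewheader, r_version)` call, memory safety still rests on the caller having terminated the buffer by hand, since the parser is given a bare pointer and, per the commit message, ends up calling `strlen()` on it. Consider passing `kMCStackFileVersionStringLength` to the parser so it never needs to scan for a terminator, or at minimum expand the `/* nul-terminate */` comment on the added line to say that the parser relies on `strlen()`, so the `+ 1` and the terminator are not later removed as redundant. Because the bytes come straight from the stream via `IO_read`, it is also worth confirming that the parser rejects a header containing an embedded NUL (where `strlen()` returns less than `kMCStackFileVersionStringLength`) rather than indexing past the shortened string.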
