From: Richard W.M. Jones Date: Wed, 13 Apr 2011 13:01:03 +0000 (+0100) Subject: hivex_value_multiple_strings: Don't read uninitialized data. X-Git-Tag: 1.2.5~2 X-Git-Url: http://git.annexia.org/?p=hivex.git;a=commitdiff_plain;h=53056244696385299fe0d298bd25053dd7c07dc0 hivex_value_multiple_strings: Don't read uninitialized data. If hivex_value_multiple_strings was given a value which had an odd length or if the data in the value was unterminated, hivex_value_multiple_strings could read uninitialized data. Potentially (although very unlikely) this could cause a non-exploitable segfault in the calling program. --- diff --git a/lib/hivex.c b/lib/hivex.c index 71ea5c3..d2ab23d 100644 --- a/lib/hivex.c +++ b/lib/hivex.c @@ -1421,7 +1421,8 @@ hivex_value_multiple_strings (hive_h *h, hive_value_h value) char *p = data; size_t plen; - while (p < data + len && (plen = utf16_string_len_in_bytes (p)) > 0) { + while (p < data + len && + (plen = utf16_string_len_in_bytes_max (p, data + len - p)) > 0) { nr_strings++; char **ret2 = realloc (ret, (1 + nr_strings) * sizeof (char *)); if (ret2 == NULL) {
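Review bot: The new `while` condition in hivex_value_multiple_strings passes `data + len - p` as the bound, but the hunk shows neither the definition of `utf16_string_len_in_bytes_max` nor how `p` is advanced after each string, so both cases named in the commit message still need confirming. For an odd `len` the remaining count can reach 1, and the helper must not read a 2-byte code unit when fewer than 2 bytes remain. For an unterminated final string the helper returns a length with no terminator following it, so an advance of "length plus 2 for the terminator" would move `p` beyond `data + len`. The `p < data + len` test ends this loop in that case, but any later pass over the same buffer that measures or converts the strings needs the same bound rather than the unbounded `utf16_string_len_in_bytes`. A regression test with an odd-length value and an unterminated value would pin both cases down.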