34 lines
895 B
Diff
34 lines
895 B
Diff
From 5d0c6565bab5b9b7efceb33b626916d22b4101a7 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Thu, 28 Apr 2016 17:34:27 +0200
|
|
Subject: [PATCH] Fix buffer overflow in exsltDateFormat
|
|
|
|
Long years can overflow a stack-based buffer on 64-bit platforms by
|
|
up to four bytes.
|
|
|
|
Thanks to Nicolas Gregoire for the report.
|
|
|
|
Fixes bug #765380:
|
|
|
|
https://bugzilla.gnome.org/show_bug.cgi?id=765380
|
|
---
|
|
libexslt/date.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/libexslt/date.c b/libexslt/date.c
|
|
index 272c61b..12c9919 100644
|
|
--- a/libexslt/date.c
|
|
+++ b/libexslt/date.c
|
|
@@ -1283,7 +1283,7 @@ exsltDateFormat (const exsltDateValPtr dt)
|
|
}
|
|
|
|
if (dt->type & XS_GYEAR) {
|
|
- xmlChar buf[20], *cur = buf;
|
|
+ xmlChar buf[100], *cur = buf;
|
|
|
|
FORMAT_GYEAR(dt->value.date.year, cur);
|
|
if (dt->type == XS_GYEARMONTH) {
|
|
--
|
|
2.8.1
|
|
|