rpms / ncurses

Clone
Source Code
GIT

Blame SOURCES/ncurses-cve-2019-17594.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   e9e2905548c41472b823797f4f81d2096a0da4e6
  2.   SOURCES
  3.   ncurses-cve-2019-17594.patch
Blob History Raw
e9e290 
From snapshot 6.1-20191012
e9e290
e9e290 
diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
e9e290 
index 21f165ca..a62d38f9 100644
e9e290 
--- a/ncurses/tinfo/comp_hash.c
e9e290 
+++ b/ncurses/tinfo/comp_hash.c
e9e290 
@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
e9e290
e9e290 
     hashvalue = data->hash_of(string);
e9e290
e9e290 
-    if (data->table_data[hashvalue] >= 0) {
e9e290 
+    if (hashvalue >= 0
e9e290 
+	&& (unsigned) hashvalue < data->table_size
e9e290 
+	&& data->table_data[hashvalue] >= 0) {
e9e290
e9e290 
 	real_table = _nc_get_table(termcap);
e9e290 
 	ptr = real_table + data->table_data[hashvalue];
e9e290 
@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
e9e290 
     const HashData *data = _nc_get_hash_info(termcap);
e9e290 
     int hashvalue = data->hash_of(string);
e9e290
e9e290 
-    if (data->table_data[hashvalue] >= 0) {
e9e290 
+    if (hashvalue >= 0
e9e290 
+	&& (unsigned) hashvalue < data->table_size
e9e290 
+	&& data->table_data[hashvalue] >= 0) {
e9e290 
 	const struct name_table_entry *const table = _nc_get_table(termcap);
e9e290
e9e290 
 	ptr = table + data->table_data[hashvalue];

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation