27 lines
848 B
Diff
27 lines
848 B
Diff
From 84addf3c1efbd51d8ff424b7da276400bbfa1a4b Mon Sep 17 00:00:00 2001
|
|
From: Torsten Paul <Torsten.Paul@gmx.de>
|
|
Date: Sat, 5 Feb 2022 18:45:29 +0100
|
|
Subject: [PATCH] CVE-2022-0497 Out-of-bounds memory access in comment parser.
|
|
|
|
Public issue:
|
|
https://github.com/openscad/openscad/issues/4043
|
|
|
|
Fix in master branch:
|
|
https://github.com/openscad/openscad/pull/4044
|
|
---
|
|
src/comment.cpp | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/comment.cpp b/src/comment.cpp
|
|
index f02ad2c5f6..1ce3ab547b 100644
|
|
--- a/src/comment.cpp
|
|
+++ b/src/comment.cpp
|
|
@@ -92,7 +92,7 @@ static std::string getComment(const std::string &fulltext, int line)
|
|
}
|
|
|
|
int end = start + 1;
|
|
- while (fulltext[end] != '\n') end++;
|
|
+ while (end < fulltext.size() && fulltext[end] != '\n') end++;
|
|
|
|
std::string comment = fulltext.substr(start, end - start);
|
|
|