blob: d21a0d0ba180567bbe487e7f548a3d1e00ff5c86 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Copied from Debian.
description: out-of-bounds read
origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
--- a/source/layout/LETableReference.h
+++ b/source/layout/LETableReference.h
@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
}
const T& operator()(le_uint32 i, LEErrorCode &success) const {
- return *getAlias(i,success);
+ const T *ret = getAlias(i,success);
+ if (LE_FAILURE(success) || ret==NULL) {
+ return *(new T());
+ } else {
+ return *ret;
+ }
}
size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {
|