summary refs log tree commit diff
path: root/gnu/packages/patches/icu4c-CVE-2014-6585.patch
blob: d21a0d0ba180567bbe487e7f548a3d1e00ff5c86 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Copied from Debian.

description: out-of-bounds read
origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585

--- a/source/layout/LETableReference.h
+++ b/source/layout/LETableReference.h
@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
   }
   
   const T& operator()(le_uint32 i, LEErrorCode &success) const {
-    return *getAlias(i,success);
+    const T *ret = getAlias(i,success);
+    if (LE_FAILURE(success) || ret==NULL) {
+      return *(new T());
+    } else {
+      return *ret;
+    }
   }
 
   size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {