Copied from Debian. description: out-of-bounds read origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585 --- a/source/layout/LETableReference.h +++ b/source/layout/LETableReference.h @@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO") } const T& operator()(le_uint32 i, LEErrorCode &success) const { - return *getAlias(i,success); + const T *ret = getAlias(i,success); + if (LE_FAILURE(success) || ret==NULL) { + return *(new T()); + } else { + return *ret; + } } size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {