Copied from Debian.
description: out-of-bounds read
origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
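--- a/source/layout/LETableReference.h
+++ b/source/layout/LETableReference.h
@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO")
 }
 
 const T& operator()(le_uint32 i, LEErrorCode &success) const {
- return *getAlias(i,success);
+ const T *ret = getAlias(i,success);
+ if (LE_FAILURE(success) || ret==NULL) {
+ return *(new T());
+ } else {
+ return *ret;
+ }
 }
 
 size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const {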
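Review bot: The failure branch `return *(new T());` in `operator()` heap-allocates a `T` that nothing frees, so every failed lookup leaks one object. If the table comes from untrusted font data, the out-of-bounds read is then replaced by a memory-growth path that malformed input can drive. Returning a reference to a shared value-initialized object avoids the allocation, e.g. `static const T zero = T(); return zero;`, though function-local static initialization is only guaranteed thread-safe from C++11, so confirm the build's language standard. Separately, when `ret==NULL` arrives with `success` still clear, the caller cannot tell the dummy object from real table data; setting `success = LE_INDEX_OUT_OF_BOUNDS_ERROR;` in that branch would make the failure visible. The enclosing class template lies outside the hunk, so whether every `T` is default-constructible is assumed here.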