pspp-dump-sav: Better handle unreasonable variable label lengths.

Bug #54725.
Thanks to Peter Lemenkov for reporting this bug.

diff --git a/utilities/pspp-dump-sav.c b/utilities/pspp-dump-sav.c
index f207d8ecbf0f3362f2daf5e4f7d9245714555c86..a10ff148bdc7fa91ce40a45b866ee38099ef6bab 100644 (file)
--- a/utilities/pspp-dump-sav.c
+++ b/utilities/pspp-dump-sav.c
@@ -444,14 +444,12 @@ read_variable_record (struct sfm_reader *r)
   if (has_variable_label == 1)
     {
       long long int offset = ftello (r->file);
-      size_t len;
-      char *label;
+      enum { MAX_LABEL_LEN = 65536 };
 
-      len = read_int (r);
-
-      /* Read up to 255 bytes of label. */
-      label = xmalloc (len + 1);
-      read_string (r, label, len + 1);
+      size_t len = read_int (r);
+      size_t read_len = MIN (MAX_LABEL_LEN, len);
+      char *label = xmalloc (read_len + 1);
+      read_string (r, label, read_len + 1);
       printf("\t%08llx Variable label: \"%s\"\n", offset, label);
       free (label);