From: Ben Pfaff Date: Wed, 26 Sep 2018 21:04:08 +0000 (-0700) Subject: pspp-dump-sav: Better handle unreasonable variable label lengths. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00d2e45ba05db247c6799371cd45ee78089eeb36;p=pspp pspp-dump-sav: Better handle unreasonable variable label lengths. Bug #54725. Thanks to Peter Lemenkov for reporting this bug.
---
diff --git a/utilities/pspp-dump-sav.c b/utilities/pspp-dump-sav.c
index f207d8ecbf..a10ff148bd 100644
--- a/utilities/pspp-dump-sav.c
+++ b/utilities/pspp-dump-sav.c
@@ -444,14 +444,12 @@ read_variable_record (struct sfm_reader *r)
 if (has_variable_label == 1)
 {
 long long int offset = ftello (r->file);
- size_t len;
- char *label;
+ enum { MAX_LABEL_LEN = 65536 };
- len = read_int (r);
-
- /* Read up to 255 bytes of label. */
- label = xmalloc (len + 1);
- read_string (r, label, len + 1);
+ size_t len = read_int (r);
+ size_t read_len = MIN (MAX_LABEL_LEN, len);
+ char *label = xmalloc (read_len + 1);
+ read_string (r, label, read_len + 1);
 printf("\t%08llx Variable label: \"%s\"\n", offset, label);
 free (label);
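Review bot: The clamp bounds the allocation, but an over-long or negative label length is now truncated silently, so a corrupt or crafted length looks like a normal label in the dump. `read_int` presumably returns a signed value, and a negative one becomes a very large `size_t` in `size_t len = read_int (r);` before `MIN` cuts it to `MAX_LABEL_LEN`; reporting that case would help whoever is inspecting the file, e.g. `if (len > MAX_LABEL_LEN) printf ("\t(label length %zu exceeds %d, truncated)\n", len, MAX_LABEL_LEN);`. The code after `free (label)` is outside the hunk, so it should be checked that it still consumes the remaining `len - read_len` bytes plus padding; otherwise the reader loses sync with the records that follow. A one-line comment on `MAX_LABEL_LEN` saying why 65536 was chosen would stand in for the removed `Read up to 255 bytes` comment.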