From: John Darrington
Date: Tue, 16 May 2017 10:53:35 +0000 (+0200)
Subject: Fix buffer overflow which could occur if the matrix reader encounters a badly formed...
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e0cabc772b5f3a416e1e4e1dc021e196ac2c443;p=pspp

Fix buffer overflow which could occur if the matrix reader encounters a badly formed file.
---

diff --git a/src/language/data-io/matrix-reader.c b/src/language/data-io/matrix-reader.c
index 861937d32c..284ec6f931 100644
--- a/src/language/data-io/matrix-reader.c
+++ b/src/language/data-io/matrix-reader.c
@@ -77,7 +77,6 @@ s_0 ROWTYPE_ VARNAME_ v_0 v_1 v_2
 struct matrix_reader
 {
- const struct dictionary *dict;
 const struct variable *varname;
 const struct variable *rowtype;
 struct casegrouper *grouper;
@@ -96,7 +95,6 @@ create_matrix_reader_from_case_reader (const struct dictionary *dict, struct cas
 {
 struct matrix_reader *mr = xzalloc (sizeof *mr);
- mr->dict = dict;
 mr->varname = dict_lookup_var (dict, "varname_");
 if (mr->varname == NULL)
 {
@@ -207,7 +205,7 @@ next_matrix_from_reader (struct matrix_material *mm,
 char s[w];
 memset (s, 0, w);
 const char *name = var_get_name (vars[i]);
- strcpy (s, name);
+ strncpy (s, name, w);
 unsigned long h = hash_bytes (s, w, 0);
 table[i] = h;
 }
diff --git a/tests/language/data-io/matrix-data.at b/tests/language/data-io/matrix-data.at
index 058dc3f08e..c015bca39f 100644
--- a/tests/language/data-io/matrix-data.at
+++ b/tests/language/data-io/matrix-data.at
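Review bot: In the `next_matrix_from_reader` hunk of src/language/data-io/matrix-reader.c, `strncpy (s, name, w)` leaves `s` without a terminating NUL whenever the variable name is `w` bytes or longer, which is safe only because the next line reads exactly `w` bytes via `hash_bytes (s, w, 0)`. A comment above the copy would keep a later edit from passing `s` to a string function: `/* S is a fixed-width field, not a C string: it is unterminated when NAME has W or more bytes. */`. Since `strncpy` zero-fills the remainder of the buffer, the preceding `memset (s, 0, w)` is now redundant. The copy also truncates silently, so two variable names that share their first `w` bytes presumably produce the same `table[i]` hash; whether that can mis-associate matrix rows depends on the lookup code, which like the start and end of this function lies outside the hunk.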
@@ -400,3 +400,30 @@ matrix-data.pspp:20: error: EXECUTE: EXECUTE is allowed only after the active da
 AT_CLEANUP
+
+
+
+
+AT_SETUP([Matrix data (badly formed)])
+
+AT_DATA([data.pspp], [dnl
+data list list /ROWTYPE_ (a8) VARNAME_(a4) v1 v2 v3 v4xxxxxxxxxxxxxxxxxxxxxzzzzzzzzzzzzzxxxxxxxxx.
+begin data
+mean "" 1 2 3 4
+sd "" 5 6 7 8
+n "" 2 3 4 5
+corr v1 11 22 33 44
+corr v2 55 66 77 88
+corr v3 111 222 333 444
+corr v4 4 3 21 1
+end data.
+
+list.
+
+factor matrix=in(corr = *)
+ .
+])
+
+AT_CHECK([pspp -O format=csv data.pspp], [1], [ignore])
+
+AT_CLEANUP
\ No newline at end of file
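Review bot: The new `AT_CHECK([pspp -O format=csv data.pspp], [1], [ignore])` pins only the exit status, so it passes on any error that makes pspp return 1 rather than specifically on the badly formed matrix being rejected. The preceding test in this file appears to compare diagnostic text (an expected `matrix-data.pspp:20: error: EXECUTE: ...` line shows in the hunk header), and doing the same here, `AT_CHECK([pspp -O format=csv data.pspp], [1], [<expected diagnostic output>])`, would tie the test to the intended failure. Because an out-of-bounds stack write does not always crash the process, this regression is caught reliably only when the suite is also run under a memory checker such as AddressSanitizer or Valgrind. The file now also ends without a trailing newline.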