
Fedora 24
Buffer weakness #15

5

Weakness Breakdown

Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which then stores it in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

djvulibre-3.5.25/libdjvu/UnicodeByteStream.cpp

Context:

The line of code below that triggered this particular Fedora 24 buffer weakness is the call to the UnicodeByteStream::gets method; the warning text shown above is the one reported for that line.

   return *this;
}

int 
UnicodeByteStream::seek
(long offset, int whence, bool nothrow)
{
  int retval=bs->seek(offset,whence,nothrow);
  bufferpos=0;
  buffer=GUTF8String::create(0,0,buffer.get_remainder());
  return retval;
}

void 
UnicodeByteStream::flush(void)
{
  bs->flush();
  bufferpos=0;
  buffer=GUTF8String::create(0,0,buffer.get_remainder());
}



GUTF8String
UnicodeByteStream::gets(
  size_t const t,unsigned long const stopat,bool const inclusive)
{
  GUTF8String retval;
  unsigned int len=buffer.length()-bufferpos;
  if(!len)
  {
    int i;
    char *buf;
    static const size_t bufsize=327680;
    GPBuffer<char> gbuf(buf,bufsize);
    while((i=read(buf,bufsize)>0))
    {
      if((len=buffer.length()-bufferpos))
        break;
    }
  }
  if(len)
  {
    int i=buffer.search((char)stopat,bufferpos);
    if(i>=0)
    {
      if(inclusive)
      {
        ++i;
      } 
