buffer overflows in libhtml/lex.c and cmd/htmlroff/roff.c

9fans / plan9port

Plan 9 from User Space

https://9fans.github.io/plan9port/

Other

1.64k stars 326 forks source link

Closed Rei-sen closed 2 years ago

Rei-sen commented 4 years ago

_readx() uses length as its argument and not size, getplaindata() should check if j == length -1

dancrossnyc commented 2 years ago

Fixed in 0144f87dc6c7f2f6becbd55519e433a9b36a466f and 4056d6be4d0fca6fc5e6ccfd24ff4785db9fec15.