diff options
author | Allen Winter <allen.winter@kdab.com> | 2022-10-01 09:58:07 -0400 |
---|---|---|
committer | Allen Winter <allen.winter@kdab.com> | 2022-10-01 09:58:07 -0400 |
commit | ca3e2ad983771b90da259994b7a6d7de1fd1abdc (patch) | |
tree | 0b41756f64610fd4a04ceecc421e3ec841c67070 | |
parent | 020c5a2a48f8ce4717968b1d2e2c728a92a77181 (diff) | |
download | libical-git-ca3e2ad983771b90da259994b7a6d7de1fd1abdc.tar.gz |
src/libical/icalparser.c - fix a fuzz issue for integer overflow
-rw-r--r-- | ReleaseNotes.txt | 2 | ||||
-rw-r--r-- | src/libical/icalparser.c | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt index 4d1cad00..11ceac75 100644 --- a/ReleaseNotes.txt +++ b/ReleaseNotes.txt @@ -9,7 +9,7 @@ Version 3.0.15 (UNRELEASED): to work properly between years 1902 and 10k. * Fix x-property comma handling and escaping * Built-in timezones updated to tzdata2022d (now with a VTIMEZONE for each time zone alias) - * Fix a fuzzer issue + * Fix fuzzer issues Version 3.0.14 (05 February 2022): ---------------------------------- diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c index ebb10970..5ddab29b 100644 --- a/src/libical/icalparser.c +++ b/src/libical/icalparser.c @@ -630,6 +630,7 @@ icalcomponent *icalparser_parse(icalparser *parser, icalparser_line_gen_func line_gen_func) { char *line; + unsigned int cnt = 0; icalcomponent *c = 0; icalcomponent *root = 0; icalerrorstate es = icalerror_get_error_state(ICAL_MALFORMEDDATA_ERROR); @@ -640,6 +641,7 @@ icalcomponent *icalparser_parse(icalparser *parser, icalerror_set_error_state(ICAL_MALFORMEDDATA_ERROR, ICAL_ERROR_NONFATAL); do { + cnt++; line = icalparser_get_line(parser, line_gen_func); if ((c = icalparser_add_line(parser, line)) != 0) { @@ -679,7 +681,7 @@ icalcomponent *icalparser_parse(icalparser *parser, icalmemory_free_buffer(line); cont = 1; } - } while (cont); + } while (cont && cnt < TMP_BUF_SIZE); icalerror_set_error_state(ICAL_MALFORMEDDATA_ERROR, es); |