From 02b4ae1953d39f1b6c3f0e63aefb72114039ab50 Mon Sep 17 00:00:00 2001 From: Pavel Zhukov Date: Tue, 22 Jun 2021 06:56:29 +0200 Subject: [PATCH 28/29] Fix for CVE-2021-25217 Cc: pzhukov@redhat.com --- common/parse.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/common/parse.c b/common/parse.c index f17bc0b..4e8b408 100644 --- a/common/parse.c +++ b/common/parse.c @@ -5587,13 +5587,14 @@ int parse_X (cfile, buf, max) skip_to_semi (cfile); return 0; } - convert_num (cfile, &buf [len], val, 16, 8); - if (len++ > max) { + if (len >= max) { parse_warn (cfile, "hexadecimal constant too long."); skip_to_semi (cfile); return 0; } + convert_num (cfile, &buf [len], val, 16, 8); + len++; token = peek_token (&val, (unsigned *)0, cfile); if (token == COLON) token = next_token (&val, -- 2.26.3