Description: Add check for buffer overflow with malformed input files
 This was later re-found and became CVE-2014-8123. 
Author: <eriks@debian.org>
Bug-Debian: http://bugs.debian.org/407015
Bug-Debian: https://bugs.debian.org/771768
Forwarded: http://seclists.org/oss-sec/2014/q4/870
Last-Update: 2016-01-11

--- antiword-0.37~/wordole.c	2005-08-26 21:49:57.000000000 +0200
+++ antiword-0.37/wordole.c	2009-06-03 22:31:15.948014682 +0200
@@ -259,6 +259,10 @@
 		}
 		tNameSize = (size_t)usGetWord(0x40, aucBytes);
 		tNameSize = (tNameSize + 1) / 2;
+		if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
+			werr(0, "Name Size of PPS %d is too large", iIndex);
+			tNameSize = sizeof(atPPSlist[iIndex].szName);
+		}
 		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
 		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
 		if (atPPSlist[iIndex].ucType == 5) {
></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=7347fb453afd6083fee2130f85ed53b590f31ecb'>refs</a><a class='active' href='/guix/log/tests/bournish.scm'>log</a><a href='/guix/tree/tests/bournish.scm?id=7347fb453afd6083fee2130f85ed53b590f31ecb'>tree</a><a href='/guix/commit/tests/bournish.scm?id=7347fb453afd6083fee2130f85ed53b590f31ecb'>commit</a><a href='/guix/diff/tests/bournish.scm?id=7347fb453afd6083fee2130f85ed53b590f31ecb'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/bournish.scm'>
<input type='hidden' name='id' value='7347fb453afd6083fee2130f85ed53b590f31ecb'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=7347fb453afd6083fee2130f85ed53b590f31ecb'>root</a>/<a href='/guix/log/tests?id=7347fb453afd6083fee2130f85ed53b590f31ecb'>tests</a>/<a href='/guix/log/tests/bournish.scm?id=7347fb453afd6083fee2130f85ed53b590f31ecb'>bournish.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/bournish.scm?id=7347fb453afd6083fee2130f85ed53b590f31ecb&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
3c429b36706c3b29d4128c&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-10-09 01:02:18 +0200'>2021-10-09</span></td><td><a href='/guix/commit/etc/disarchive-manifest.scm?id=2ad1ef844632b7605ad6dd362e947a122a0a3925'>disarchive-manifest: Provide valid 'version' string.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/disarchive-manifest.scm &lt;top level&gt;: Turn 'version' field into a
string.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-09-14 11:50:58 +0200'>2021-09-14</span></td><td><a href='/guix/commit/etc/disarchive-manifest.scm?id=98712c14fe3517a48603a12eb2e64db305a54fe5'>etc: Add 'disarchive-manifest.scm'.</a><span class='msg-avail'>...<span class='msg-tooltip'>* etc/disarchive-manifest.scm: New file.
* Makefile.am (EXTRA_DIST): Add it.
</span></span></td><td>Ludovic Courtès</td></tr>