Description: Add check for buffer overflow with malformed input files
 This was later re-found and became CVE-2014-8123. 
Author: <eriks@debian.org>
Bug-Debian: http://bugs.debian.org/407015
Bug-Debian: https://bugs.debian.org/771768
Forwarded: http://seclists.org/oss-sec/2014/q4/870
Last-Update: 2016-01-11

--- antiword-0.37~/wordole.c	2005-08-26 21:49:57.000000000 +0200
+++ antiword-0.37/wordole.c	2009-06-03 22:31:15.948014682 +0200
@@ -259,6 +259,10 @@
 		}
 		tNameSize = (size_t)usGetWord(0x40, aucBytes);
 		tNameSize = (tNameSize + 1) / 2;
+		if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
+			werr(0, "Name Size of PPS %d is too large", iIndex);
+			tNameSize = sizeof(atPPSlist[iIndex].szName);
+		}
 		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
 		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
 		if (atPPSlist[iIndex].ucType == 5) {
='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=3278daa726bd9eabe90c1b31ddc007351036c2b4'>refs</a><a class='active' href='/guix/log/m4'>log</a><a href='/guix/tree/m4?id=3278daa726bd9eabe90c1b31ddc007351036c2b4'>tree</a><a href='/guix/commit/m4?id=3278daa726bd9eabe90c1b31ddc007351036c2b4'>commit</a><a href='/guix/diff/m4?id=3278daa726bd9eabe90c1b31ddc007351036c2b4'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/m4'>
<input type='hidden' name='id' value='3278daa726bd9eabe90c1b31ddc007351036c2b4'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=3278daa726bd9eabe90c1b31ddc007351036c2b4'>root</a>/<a href='/guix/log/m4?id=3278daa726bd9eabe90c1b31ddc007351036c2b4'>m4</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/m4?id=3278daa726bd9eabe90c1b31ddc007351036c2b4&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-03-23 23:19:57 -0700'>2021-03-23</span></td><td><a href='/guix/commit/m4?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13'>Add powerpc64le-linux as a supported Guix architecture.</a><span class='msg-avail'>...</span></td><td>Chris Marusich</td></tr>
<tr><td><span title='2021-03-17 12:03:23 +0100'>2021-03-17</span></td><td><a href='/guix/commit/m4?id=62a091368df3bab499142d06f5114a73915c71f2'>maint: Check whether Guile-zlib is recent enough.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-02-04 09:23:39 +0100'>2021-02-04</span></td><td><a href='/guix/commit/m4?id=55daad123e896c0e83361496cf49625289ee3571'>build: Add '--with-channel-commit' and related configure flags.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-12-11 19:06:53 +0100'>2020-12-11</span></td><td><a href='/guix/commit/m4?id=dbdae9f96f11a006993b659e0e7fd5cbf467f844'>maint: Avoid macros obsolete in Autoconf 2.70.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-10-22 17:10:25 +0200'>2020-10-22</span></td><td><a href='/guix/commit/m4?id=59bb1ae3a9aeae75a75b20090253613a7a8800d8'>git: Require Guile-Git 0.3.0 or later.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-09-08 00:47:35 +0200'>2020-09-08</span></td><td><a href='/guix/commit/m4?id=b5eb901ab508e13a10d8c11fe0c9d0d06dddce96'>Remove (guix json) and require Guile-JSON 4.3.0+.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-08-29 16:24:17 +0200'>2020-08-29</span></td><td><a href='/guix/commit/m4?id=f5d3a1690cb78ce9413b78352f1030bf4801617a'>build: Remove check for Guile 2.2.1 bug.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-08-24 13:35:24 +0200'>2020-08-24</span></td><td><a href='/guix/commit/m4?id=4c0c65acfade63ce0549115d19db4b639c1e9992'>Use "guile-zlib" and "guile-lzlib" instead of (guix config).</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-07-20 23:25:09 +0200'>2020-07-20</span></td><td><a href='/guix/commit/m4?id=e8088f0b06c2193f2cce04a48aa1350229442a9f'>ssh: Speed up RPCs by using #:nodelay.</a><span class='msg-avail'>...</span></td><td>Lars-Dominik Braun</td></tr>
<tr><td><span title='2020-05-28 11:12:40 +0300'>2020-05-28</span></td><td><a href='/guix/commit/m4?id=03e6404936ef0974fdbc877d537b97b28e54124d'>doc: Remove explicit support for mips64el-linux.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2020-05-28 00:55:00 +0200'>2020-05-28</span></td><td><a href='/guix/commit/m4?id=c1dc50ab202fafedde3a6b70ce6339496ad53a51'>maint: Check whether Guile-Gcrypt is recent enough.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-02-22 00:45:58 +0100'>2020-02-22</span></td><td><a href='/guix/commit/m4?id=378918725259d221222dd0b1831fbaa3e0a17e1f'>build: Depend on guile-ssh 0.12.0</a><span class='msg-avail'>...</span></td><td>Lars-Dominik Braun</td></tr>
<tr><td><span title='2019-08-17 19:26:21 +0200'>2019-08-17</span></td><td><a href='/guix/commit/m4?id=611a64bd7e0893057cd04dcdc2a8d5e7ecc39e45'>build: 'GUIX_CHECK_GUILE_JSON' really checks for Guile-JSON 3.x.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-07-25 00:16:41 +0200'>2019-07-25</span></td><td><a href='/guix/commit/m4?id=81c3dc32244a17241d74eea9fa265edfcb326f6d'>maint: Switch to Guile-JSON 3.x.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-05-06 23:21:33 +0200'>2019-05-06</span></td><td><a href='/guix/commit/m4?id=fea338c6ca1922097fa233be85f424c152a4f507'>Add (guix lzlib).</a><span class='msg-avail'>...</span></td><td>Pierre Neidhardt</td></tr>

Age	Commit message (Expand)	Author
2021-03-23	Add powerpc64le-linux as a supported Guix architecture....	Chris Marusich
2021-03-17	maint: Check whether Guile-zlib is recent enough....	Ludovic Courtès
2021-02-04	build: Add '--with-channel-commit' and related configure flags....	Ludovic Courtès
2020-12-11	maint: Avoid macros obsolete in Autoconf 2.70....	Ludovic Courtès
2020-10-22	git: Require Guile-Git 0.3.0 or later....	Ludovic Courtès
2020-09-08	Remove (guix json) and require Guile-JSON 4.3.0+....	Ludovic Courtès
2020-08-29	build: Remove check for Guile 2.2.1 bug....	Ludovic Courtès
2020-08-24	Use "guile-zlib" and "guile-lzlib" instead of (guix config)....	Mathieu Othacehe
2020-07-20	ssh: Speed up RPCs by using #:nodelay....	Lars-Dominik Braun
2020-05-28	doc: Remove explicit support for mips64el-linux....	Efraim Flashner
2020-05-28	maint: Check whether Guile-Gcrypt is recent enough....	Ludovic Courtès
2020-02-22	build: Depend on guile-ssh 0.12.0...	Lars-Dominik Braun
2019-08-17	build: 'GUIX_CHECK_GUILE_JSON' really checks for Guile-JSON 3.x....	Ludovic Courtès
2019-07-25	maint: Switch to Guile-JSON 3.x....	Ludovic Courtès
2019-05-06	Add (guix lzlib)....	Pierre Neidhardt