The code uses `d.Bsize` without checking if it's within the range of the slice `d.NameBts`. A specially crafted ole2 file (Excel sheet) can crash the application by setting a high number for `d.Bsize`.
```go
func (d *File) Name() string {
	runes := utf16.Decode(d.NameBts[:d.Bsize/2-1])
	return string(runes)
}
```
The fix is to check the ranges first.
ole2/dir.go, lines 32 to 35 in d694296
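One way to apply the range check the issue asks for, as an added example (not code from the ole2 project or from the issue author). The `dirEntry` type, its field types, and the helpers `safeName` and `newEntry` are hypothetical; the sample entries are constructed.

```go
package main

import (
	"fmt"
	"unicode/utf16"
)

// dirEntry is a hypothetical stand-in for the directory entry in the issue.
// Field types are assumptions: a fixed 32-unit UTF-16 name buffer and a
// size value that is read straight from the file.
type dirEntry struct {
	NameBts [32]uint16
	Bsize   uint16
}

// safeName decodes the entry name only when the length derived from Bsize
// fits inside NameBts; ok is false for entries that must be rejected.
func safeName(d *dirEntry) (name string, ok bool) {
	// Assumption: Bsize counts bytes and includes the terminator, hence /2-1.
	// Widen to int first so the subtraction cannot wrap around.
	n := int(d.Bsize)/2 - 1
	if n < 0 || n > len(d.NameBts) {
		return "", false
	}
	return string(utf16.Decode(d.NameBts[:n])), true
}

// newEntry builds a constructed sample entry with the given claimed size.
func newEntry(s string, bsize uint16) *dirEntry {
	d := &dirEntry{Bsize: bsize}
	copy(d.NameBts[:], utf16.Encode([]rune(s)))
	return d
}

func main() {
	for _, d := range []*dirEntry{
		newEntry("Workbook", 18),     // 8 units + terminator = 18 bytes
		newEntry("Workbook", 0xFFFF), // claimed size far beyond the buffer
		newEntry("", 0),              // size too small to hold a terminator
	} {
		name, ok := safeName(d)
		fmt.Printf("Bsize=%d name=%q ok=%v\n", d.Bsize, name, ok)
	}
}
```

Returning an `ok` flag lets the caller reject the malformed entry instead of silently treating it as an empty name.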