From c9a4a730d3bdf145cdb2c9e305ded7e76d65fe9c Mon Sep 17 00:00:00 2001
From: Adam Domurad <adomurad@redhat.com>
Date: Tue, 7 Aug 2012 10:57:02 -0400
Subject: Fixes PR1106, buffer overflow in plugin table

---
 plugin/icedteanp/IcedTeaNPPlugin.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'plugin/icedteanp/IcedTeaNPPlugin.cc')

diff --git a/plugin/icedteanp/IcedTeaNPPlugin.cc b/plugin/icedteanp/IcedTeaNPPlugin.cc
index d8b8948..1012812 100644
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc
@@ -2043,8 +2043,13 @@ initialize_browser_functions(const NPNetscapeFuncs* browserTable)
 
   //Ensure any unused fields are NULL
   memset(&browser_functions, 0, sizeof(NPNetscapeFuncs));
+
+  //browserTable->size can be larger than sizeof(NPNetscapeFuncs) (PR1106)
+  size_t copySize = browserTable->size < sizeof(NPNetscapeFuncs) ?
+                    browserTable->size : sizeof(NPNetscapeFuncs);
+
   //Copy fields according to given size
-  memcpy(&browser_functions, browserTable, browserTable->size);
+  memcpy(&browser_functions, browserTable, copySize);
 
   return true;
 }
-- 
cgit v1.2.3