Fix a buffer overflow

It happens if raw_str_used underflows and ends up a very large number, which is then used as the size of a string. Closes WizardMac#285.
gaborcsardi · Feb 9, 2024 · d9b3c92 · d9b3c92
1 parent 4926250
commit d9b3c92
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/spss/readstat_sav_read.c b/src/spss/readstat_sav_read.c
@@ -717,7 +717,7 @@ static readstat_error_t sav_process_row(unsigned char *buffer, size_t buffer_len
             }
             if (++offset == col_info->width) {
                 if (++segment_offset < var_info->n_segments) {
-                    raw_str_used--;
+                    if (raw_str_used > 0) raw_str_used--;
                 }
                 offset = 0;
                 col++;