author | Adam Domurad <[email protected]> | 2012-08-07 10:57:02 -0400 |
---|---|---|
committer | Adam Domurad <[email protected]> | 2012-08-07 10:57:02 -0400 |
commit | c9a4a730d3bdf145cdb2c9e305ded7e76d65fe9c (patch) | |
tree | 67b483247c595873ae47bdc9da29196f795e8815 /plugin/icedteanp/IcedTeaNPPlugin.cc | |
parent | 97bef40bd96730eb6e775eb166893cfbb969a95b (diff) |
Fixes PR1106, buffer overflow in plugin table
Diffstat (limited to 'plugin/icedteanp/IcedTeaNPPlugin.cc')
-rw-r--r-- | plugin/icedteanp/IcedTeaNPPlugin.cc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/plugin/icedteanp/IcedTeaNPPlugin.cc b/plugin/icedteanp/IcedTeaNPPlugin.cc
index d8b8948..1012812 100644
--- a/plugin/icedteanp/IcedTeaNPPlugin.cc
+++ b/plugin/icedteanp/IcedTeaNPPlugin.cc
@@ -2043,8 +2043,13 @@ initialize_browser_functions(const NPNetscapeFuncs* browserTable)
 //Ensure any unused fields are NULL
 memset(&browser_functions, 0, sizeof(NPNetscapeFuncs));
+
+ //browserTable->size can be larger than sizeof(NPNetscapeFuncs) (PR1106)
+ size_t copySize = browserTable->size < sizeof(NPNetscapeFuncs) ?
+ browserTable->size : sizeof(NPNetscapeFuncs);
+
 //Copy fields according to given size
- memcpy(&browser_functions, browserTable, browserTable->size);
+ memcpy(&browser_functions, browserTable, copySize);
 return true;
 }
|
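Review bot: After the clamped `memcpy`, `browser_functions.size` still holds the browser's reported size, because that field is itself among the bytes copied from `browserTable`, so the local table can claim to be larger than `sizeof(NPNetscapeFuncs)`. Whether anything later reads `browser_functions.size` as a length is not visible here, but recording the truth right after the copy removes the trap: `browser_functions.size = copySize;` (cast to the field's type if the compiler warns). The clamp only bounds the upper end; a table smaller than the fields the plugin uses is presumably rejected earlier in `initialize_browser_functions`, which begins outside this hunk, so that should be confirmed. The new comment could also say why a larger size is legitimate (presumably a newer browser with a longer table), so the clamp is not later mistaken for a workaround.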