Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/usr.bin/indent indent: prevent buffer overflow in search_stm...



details:   https://anonhg.NetBSD.org/src/rev/ff37d4bd8100
branches:  trunk
changeset: 990585:ff37d4bd8100
user:      rillig <rillig%NetBSD.org@localhost>
date:      Sat Oct 30 17:55:44 2021 +0000

description:
indent: prevent buffer overflow in search_stmt_comment

printf '{ if (%010000d) /*comment*/ ; }' '0' | indent

diffstat:

 usr.bin/indent/indent.c |  10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diffs (31 lines):

diff -r 87d143cee7aa -r ff37d4bd8100 usr.bin/indent/indent.c
--- a/usr.bin/indent/indent.c   Sat Oct 30 17:18:25 2021 +0000
+++ b/usr.bin/indent/indent.c   Sat Oct 30 17:55:44 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: indent.c,v 1.190 2021/10/30 17:18:25 rillig Exp $      */
+/*     $NetBSD: indent.c,v 1.191 2021/10/30 17:55:44 rillig Exp $      */
 
 /*-
  * SPDX-License-Identifier: BSD-4-Clause
@@ -43,7 +43,7 @@
 
 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__RCSID("$NetBSD: indent.c,v 1.190 2021/10/30 17:18:25 rillig Exp $");
+__RCSID("$NetBSD: indent.c,v 1.191 2021/10/30 17:55:44 rillig Exp $");
 #elif defined(__FreeBSD__)
 __FBSDID("$FreeBSD: head/usr.bin/indent/indent.c 340138 2018-11-04 19:24:49Z oshogbo $");
 #endif
@@ -237,8 +237,10 @@
         * (size_t)-1 bytes.
         */
        assert((size_t)(inp.s - inp.buf) >= 4);
-       memcpy(sc_buf, inp.buf, (size_t)(inp.s - inp.buf) - 4);
-       save_com = sc_buf + (inp.s - inp.buf - 4);
+       size_t line_len = (size_t)(inp.s - inp.buf) - 4;
+       assert(line_len < array_length(sc_buf));
+       memcpy(sc_buf, inp.buf, line_len);
+       save_com = sc_buf + line_len;
        save_com[0] = save_com[1] = ' ';
        sc_end = &save_com[2];
        debug_vis_range("search_stmt_comment: before save_com is \"",



Home | Main Index | Thread Index | Old Index