Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/indent indent: prevent buffer overflow in search_stm...
details: https://anonhg.NetBSD.org/src/rev/ff37d4bd8100
branches: trunk
changeset: 990585:ff37d4bd8100
user: rillig <rillig%NetBSD.org@localhost>
date: Sat Oct 30 17:55:44 2021 +0000
description:
indent: prevent buffer overflow in search_stmt_comment
printf '{ if (%010000d) /*comment*/ ; }' '0' | indent
diffstat:
usr.bin/indent/indent.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diffs (31 lines):
diff -r 87d143cee7aa -r ff37d4bd8100 usr.bin/indent/indent.c
--- a/usr.bin/indent/indent.c Sat Oct 30 17:18:25 2021 +0000
+++ b/usr.bin/indent/indent.c Sat Oct 30 17:55:44 2021 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: indent.c,v 1.190 2021/10/30 17:18:25 rillig Exp $ */
+/* $NetBSD: indent.c,v 1.191 2021/10/30 17:55:44 rillig Exp $ */
/*-
* SPDX-License-Identifier: BSD-4-Clause
@@ -43,7 +43,7 @@
#include <sys/cdefs.h>
#if defined(__NetBSD__)
-__RCSID("$NetBSD: indent.c,v 1.190 2021/10/30 17:18:25 rillig Exp $");
+__RCSID("$NetBSD: indent.c,v 1.191 2021/10/30 17:55:44 rillig Exp $");
#elif defined(__FreeBSD__)
__FBSDID("$FreeBSD: head/usr.bin/indent/indent.c 340138 2018-11-04 19:24:49Z oshogbo $");
#endif
@@ -237,8 +237,10 @@
* (size_t)-1 bytes.
*/
assert((size_t)(inp.s - inp.buf) >= 4);
- memcpy(sc_buf, inp.buf, (size_t)(inp.s - inp.buf) - 4);
- save_com = sc_buf + (inp.s - inp.buf - 4);
+ size_t line_len = (size_t)(inp.s - inp.buf) - 4;
+ assert(line_len < array_length(sc_buf));
+ memcpy(sc_buf, inp.buf, line_len);
+ save_com = sc_buf + line_len;
save_com[0] = save_com[1] = ' ';
sc_end = &save_com[2];
debug_vis_range("search_stmt_comment: before save_com is \"",
Home |
Main Index |
Thread Index |
Old Index