For an empty alias, the check on the last character of the alias in
popstring may read a bogus byte. Fix this by checking whether the
alias is empty or not before reading the last byte.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
---
src/input.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/input.c b/src/input.c
index fb9858f..e56ab5f 100644
--- a/src/input.c
+++ b/src/input.c
@@ -401,7 +401,7 @@ static void popstring(void)
struct strpush *sp = parsefile->strpush;
INTOFF;
- if (sp->ap) {
+ if (sp->ap && parsefile->nextc > sp->string) {
if (parsefile->nextc[-1] == ' ' ||
parsefile->nextc[-1] == '\t') {
checkkwd |= CHKALIAS;
--
2.39.2
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[PATCH] input: Fix potential out-of-bounds read in popstring
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [PATCH] input: Fix potential out-of-bounds read in popstring
- From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
- Date: Thu, 2 May 2024 18:22:20 +0800
- Prev by Date: [v2 PATCH] expand: Fix naked backslah leakage
- Next by Date: [PATCH] mystring: Add a few more uses of snlfmt
- Previous by thread: [v2 PATCH] expand: Fix naked backslah leakage
- Next by thread: [PATCH] mystring: Add a few more uses of snlfmt
- Index(es):
 |