projects / oweals / busybox.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2da9724) | patch
sed: prevent overflow of length from bb_get_chunk_from_file
authorQuentin Rameau <quinq@fifth.space>
Sun, 1 Apr 2018 17:49:58 +0000 (19:49 +0200)
committerDenys Vlasenko <vda.linux@googlemail.com>
Sun, 1 Apr 2018 17:51:14 +0000 (19:51 +0200)
commite2afae6303e871a31a061d03359cfcd5dd86c088
tree40482184a4ff53ea4fd3439f96e0e7e967a075cctree | snapshot
parent2da9724b56169f00bd7fb6b9a11c9409a7620981commit | diff
sed: prevent overflow of length from bb_get_chunk_from_file

This fragment did not work right:

                temp = bb_get_chunk_from_file(fp, &len);
                if (temp) {
                        /* len > 0 here, it's ok to do temp[len-1] */
                        char c = temp[len-1];

With "int len" _sign-extending_, temp[len-1] can refer to a wrong location
if len > 0x7fffffff.

Signed-off-by: Quentin Rameau <quinq@fifth.space>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
editors/sed.c diff | blob | history
include/libbb.h diff | blob | history
libbb/get_line_from_file.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.