d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

indent(1): Avoid out-of-bound accesses of arrays.

Browse Source 
ps.paren_indents:
When ps.paren_level was 0, this was accessing paren_indents[-1].

in_buffer:
This fragment checks if "*/" was read, but there's no guarantee that there
is more than one byte in the array (actually, this happens frequently for
the "{" in things like "int main(void) {").

Submitted by:	 Piotr Stefaniak
This commit is contained in:
Pedro F. Giffuni 2016-12-02 16:41:08 +00:00
parent df54a266d3
commit 0bae80a336
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
usr.bin/indent/io.c
View File

@ -278,7 +278,8 @@ inhibit_newline:
*(e_com = s_com = combuf + 1) = '\0';
ps.ind_level = ps.i_l_follow;
ps.paren_level = ps.p_l_follow;
paren_target = -ps.paren_indents[ps.paren_level - 1];
if (ps.paren_level > 0)
paren_target = -ps.paren_indents[ps.paren_level - 1];
not_first_line = 1;
}
@ -371,7 +372,7 @@ fill_buffer(void)
}
buf_ptr = in_buffer;
buf_end = p;
if (p[-2] == '/' && p[-3] == '*') {
if (p - in_buffer > 2 && p[-2] == '/' && p[-3] == '*') {
if (in_buffer[3] == 'I' && strncmp(in_buffer, "/**INDENT**", 11) == 0)
fill_buffer(); /* flush indent error message */
else {