File fix-buffer-overflow-print_comment.patch of Package indent

Overview Repositories Revisions Requests Users Attributes Meta

File fix-buffer-overflow-print_comment.patch of Package indent

From 02cd75a75903122c503bb6f43ef09c1e70b283eb Mon Sep 17 00:00:00 2001
From: Dan Collins <dcollinsn@gmail.com>
Date: Sun, 9 Aug 2020 20:26:37 +0200
Subject: Fix buffer overflow

Normally the CHECK_COM_SIZE macro is used to ensure that there is
enough space for whatever is being written to combuf, reallocating
if necessary. However, it is possible to pass through the entire
print_comment function without calling CHECK_COM_SIZE, while still
adding two characters to the buffer. In the case of nested comments,
this overflows the buffer.

Add another call to CHECK_COM_SIZE in the appropriate section of
print_comment.

Bug: #58924
---
 src/comments.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/comments.c b/src/comments.c
index 76ce407..1482dd2 100644
--- a/src/comments.c
+++ b/src/comments.c
@@ -412,6 +412,7 @@ extern void print_comment(
   /* Output the beginning comment delimiter.  They are both two
    * characters long. */
 
+   CHECK_COM_SIZE(2);
    *e_com++ = *start_delim;
    *e_com++ = *(start_delim + 1);
    column = start_column + 2;
-- 
cgit v1.1

Places

File fix-buffer-overflow-print_comment.patch of Package indent

Places