devilhorns pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=8780f311eaa10d6659bcaa2c9ef490c4e7356866
commit 8780f311eaa10d6659bcaa2c9ef490c4e7356866 Author: Stefan Schmidt <[email protected]> Date: Fri Nov 15 11:55:47 2019 -0500 examples: efl_exe: fix out of bounds write Summary: Buf is 4096 in size and rw_slice.len also evaluates to 4096. Write at the last byte and not over bound instead. CID: 1403895 Reviewers: raster, bu5hm4n, devilhorns Reviewed By: devilhorns Subscribers: cedric, #reviewers, #committers Tags: #efl Differential Revision: https://phab.enlightenment.org/D10682 --- src/examples/ecore/efl_exe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/examples/ecore/efl_exe.c b/src/examples/ecore/efl_exe.c
index 1458d0630d..eb85eca387 100644
--- a/src/examples/ecore/efl_exe.c
+++ b/src/examples/ecore/efl_exe.c
@@ -21,7 +21,7 @@ _read_change(void *data EINA_UNUSED, const Efl_Event *ev)
 Eina_Error err = efl_io_reader_read(obj, &rw_slice);
 if (!err)
 {
- buf[rw_slice.len] = 0;
+ buf[rw_slice.len - 1] = 0;
 printf("--- READ [%p] [%s] ok %i bytes '%s'\n", obj, efl_core_command_line_command_get(obj), (int)rw_slice.len, buf);
 }
 }
--
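Review bot: `buf[rw_slice.len - 1] = 0;` overwrites the last byte that was read instead of terminating after it: the printf below reports rw_slice.len as the byte count and prints buf with `%s`, so every successful read loses its final character. If a read can return without error and with a length of 0, the index wraps (assuming len is an unsigned size) and the write lands far outside buf, which is worse than the one-byte overrun being fixed. Two safer options: leave one byte of buf out of the slice where rw_slice is set up and keep `buf[rw_slice.len] = 0;`, or drop the terminator and print with a bounded `'%.*s'`, passing `(int)rw_slice.len` as the precision before `buf`. The declarations of buf and rw_slice and the enclosing loop are outside this hunk, so how the slice length is initialised should be confirmed there.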
