gbranden pushed a commit to branch master
in repository groff.
commit 2248cf30f12892931e8df391578aa7627d7c8d1c
Author: G. Branden Robinson <[email protected]>
AuthorDate: Wed Aug 7 02:08:17 2024 -0500
[troff]: Fix Savannah #66052 (2/2).
* src/roff/troff/input.cpp (temp_iterator::temp_iterator): Prevent
potential heap overreads. Ensure that temporary iterators are
null-terminated when constructing them.
Fixes <https://savannah.gnu.org/bugs/?66052> (2/2). Thanks to Lukas
Javorsky for identifying the problem using "SAST analyzers {combination
of coverity, snyk, cppcheck, gcc, clang, shellcheck, unicontrol}".
---
ChangeLog | 13 +++++++++++++
src/roff/troff/input.cpp | 3 ++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index bb12c124a..ad82c3893 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2024-08-07 G. Branden Robinson <[email protected]>
+
+ [troff]: Fix Savannah #66052 (2/2).
+
+ * src/roff/troff/input.cpp (temp_iterator::temp_iterator):
+ Prevent potential heap overreads. Ensure that temporary
+ iterators are null-terminated when constructing them.
+
+ Fixes <https://savannah.gnu.org/bugs/?66052> (2/2). Thanks to
+ Lukas Javorsky for identifying the problem using "SAST analyzers
+ {combination of coverity, snyk, cppcheck, gcc, clang,
+ shellcheck, unicontrol}".
+
2024-08-07 G. Branden Robinson <[email protected]>
[troff]: Fix Savannah #66052 (1/2).
diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp
index 4f2c89c71..50ec6a334 100644
--- a/src/roff/troff/input.cpp
+++ b/src/roff/troff/input.cpp
@@ -3750,8 +3750,9 @@ temp_iterator::temp_iterator(const char *s, int len)
: base(0 /* nullptr */)
{
if (len > 0) {
- base = new unsigned char[len];
+ base = new unsigned char[len + 1];
memcpy(base, s, len);
+ base[len] = '\0';
ptr = base;
eptr = base + len;
}
_______________________________________________
Groff-commit mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/groff-commit
