Module Name: src
Committed By: rillig
Date: Sat Oct 30 17:55:45 UTC 2021
Modified Files:
src/usr.bin/indent: indent.c
Log Message:
indent: prevent buffer overflow in search_stmt_comment
printf '{ if (%010000d) /*comment*/ ; }' '0' | indent
To generate a diff of this commit:
cvs rdiff -u -r1.190 -r1.191 src/usr.bin/indent/indent.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/indent/indent.c
diff -u src/usr.bin/indent/indent.c:1.190 src/usr.bin/indent/indent.c:1.191
--- src/usr.bin/indent/indent.c:1.190 Sat Oct 30 17:18:25 2021
+++ src/usr.bin/indent/indent.c Sat Oct 30 17:55:44 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: indent.c,v 1.190 2021/10/30 17:18:25 rillig Exp $ */
+/* $NetBSD: indent.c,v 1.191 2021/10/30 17:55:44 rillig Exp $ */
/*-
* SPDX-License-Identifier: BSD-4-Clause
@@ -43,7 +43,7 @@ static char sccsid[] = "@(#)indent.c 5.1
#include <sys/cdefs.h>
#if defined(__NetBSD__)
-__RCSID("$NetBSD: indent.c,v 1.190 2021/10/30 17:18:25 rillig Exp $");
+__RCSID("$NetBSD: indent.c,v 1.191 2021/10/30 17:55:44 rillig Exp $");
#elif defined(__FreeBSD__)
__FBSDID("$FreeBSD: head/usr.bin/indent/indent.c 340138 2018-11-04 19:24:49Z oshogbo $");
#endif
@@ -237,8 +237,10 @@ search_stmt_comment(bool *comment_buffer
* (size_t)-1 bytes.
*/
assert((size_t)(inp.s - inp.buf) >= 4);
- memcpy(sc_buf, inp.buf, (size_t)(inp.s - inp.buf) - 4);
- save_com = sc_buf + (inp.s - inp.buf - 4);
+ size_t line_len = (size_t)(inp.s - inp.buf) - 4;
+ assert(line_len < array_length(sc_buf));
+ memcpy(sc_buf, inp.buf, line_len);
+ save_com = sc_buf + line_len;
save_com[0] = save_com[1] = ' ';
sc_end = &save_com[2];
debug_vis_range("search_stmt_comment: before save_com is \"",
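Review bot: The new bound on `line_len` does not cover the two stores that follow it: `save_com[0] = save_com[1] = ' '` writes `sc_buf[line_len]` and `sc_buf[line_len + 1]`, so `line_len == array_length(sc_buf) - 1` passes the assert and still writes one byte past the array. The check should include those bytes, e.g. `assert(line_len + 2 <= array_length(sc_buf));`. The condition is reachable from ordinary input (the log message's reproducer), and an `assert` is removed when the file is built with NDEBUG, so a plain `if` that reports an error and exits would keep the guard in every build. The body of search_stmt_comment starts and ends outside the hunk, so whether later writes through `sc_end` are bounded cannot be judged from here.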