bug-bash

[PATCH 1/2] printf: fix heap buffer overflow in printf_builtin


From: Andrey Kovalev
Subject: [PATCH 1/2] printf: fix heap buffer overflow in printf_builtin
Date: Thu, 29 Aug 2024 17:21:59 +0300

In the loop, when iterating through the array, there was no check whether an 
element of the array goes beyond its limits. And with certain input data,
there is an outflow from the array.

---
 builtins/printf.def | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/builtins/printf.def b/builtins/printf.def
index 84658c39..23cb8cd1 100644
--- a/builtins/printf.def
+++ b/builtins/printf.def
@@ -338,7 +338,7 @@ printf_builtin (list)
     {
       tw = 0;
       /* find next format specification */
-      for (fmt = format; *fmt; fmt++)
+      for (fmt = format; fmt - format < strlen(format); fmt++)
        {
          precision = fieldwidth = 0;
          have_fieldwidth = have_precision = altform = 0;
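Review bot: The new loop condition `fmt - format < strlen(format)` rescans the whole format string on every iteration, and for any `fmt` still inside the string it is equivalent to the old `*fmt` test. It only changes behaviour after the loop body has already advanced `fmt` past the terminator, and at that point the pointer is already out of bounds. It would be better to fix the place in the body that over-advances `fmt` and keep `*fmt` here. If a bound is still wanted, compute the length or an end pointer once before the loop and compare against that. The comparison also mixes a signed pointer difference with the unsigned result of `strlen`. As a style point, the surrounding code puts a space before the call parenthesis, as in `builtin_warning (_(`, so this should read `strlen (format)`.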
@@ -489,7 +489,7 @@ printf_builtin (list)
                    *t++ = *fmt++;
                  }
                *t = '\0';
-               if (*++fmt != 'T')
+               if (fmt - format < strlen(format)-1 && *++fmt != 'T')
                  {
                    builtin_warning (_("`%c': invalid time format 
specification"), *fmt);
                    fmt = start;
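Review bot: In `if (fmt - format < strlen(format)-1 && *++fmt != 'T')` the bounds test short-circuits the whole condition, so when it fails neither the `++fmt` nor the `builtin_warning` / `fmt = start` branch runs and a truncated time format is handled as if the `'T'` had been found. The bound is also one stricter than needed: when the next character is the terminating NUL, reading it is in bounds and would correctly fail the `!= 'T'` test, but with this change that case skips the warning too. Suggest testing for the end of the string separately before the increment (for example, checking `*fmt` for `'\0'` after the copy loop) and sending that case down the warning path. `strlen(format)-1` is unsigned arithmetic and repeats the scan on each evaluation, so a length or end pointer computed once would be clearer.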
-- 
2.42.2



