[PATCH 2/2] printf: fix heap buffer overflow in bexpand

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 2/2] printf: fix heap buffer overflow in bexpand

From:	Andrey Kovalev
Subject:	[PATCH 2/2] printf: fix heap buffer overflow in bexpand
Date:	Thu, 29 Aug 2024 17:23:08 +0300

In the loop, when iterating through the array, there was no check whether an
element of the array goes beyond its limits. And with certain input data,
there is an outflow from the array.

---
 builtins/printf.def | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtins/printf.def b/builtins/printf.def
index 23cb8cd1..81f63e33 100644
--- a/builtins/printf.def
+++ b/builtins/printf.def
@@ -1024,7 +1024,7 @@ bexpand (string, len, sawc, lenp)
     }
 
   ret = (char *)xmalloc (len + 1);
-  for (r = ret, s = string; s && *s; )
+  for (r = ret, s = string; s && *s && r - ret < len; )
     {
       c = *s++;
       if (c != '\\' || *s == '\0')
-- 
2.42.2

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 2/2] printf: fix heap buffer overflow in bexpand, Andrey Kovalev <=

Prev by Date: [PATCH 2/2] printf: fix heap buffer overflow in bexpand
Next by Date: Re: [PATCH 1/2] printf: fix heap buffer overflow in printf_builtin
Previous by thread: [PATCH 1/2] printf: fix heap buffer overflow in printf_builtin
Next by thread: [bug #66154] documentation bug about "$?"
Index(es):
- Date
- Thread