source@mandoc.bsd.lv
* mdocml: When a string comparison condition contains no mismatching
@ 2014-12-16  3:53 schwarze
From: schwarze @ 2014-12-16  3:53 UTC (permalink / raw)
  To: source

Log Message:
-----------
When a string comparison condition contains no mismatching character
but ends without the final delimiter, the parse point was advanced 
one character too far and the invalid pointer returned to the 
caller of roff_parseln().  Later use could potentially advance 
the pointer even further and maybe even write to it.
Fixing a buffer overrun found by jsg@ with afl (the most severe so far).

Modified Files:
--------------
    mdocml:
        roff.c

Revision Data
-------------
Index: roff.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/roff.c,v
retrieving revision 1.241
retrieving revision 1.242
diff -Lroff.c -Lroff.c -u -p -r1.241 -r1.242
--- roff.c
+++ roff.c
@@ -1236,7 +1236,7 @@ roff_evalstrcond(const char *v, int *pos
 out:
 	if (NULL == s3)
 		s3 = strchr(s2, '\0');
-	else
+	else if (*s3 != '\0')
 		s3++;
 	*pos = s3 - v;
 	return(match);
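Review bot: the new `else if (*s3 != '\0')` test under `out:` carries no comment saying which state it guards, so the three cases handled here (s3 is NULL, s3 points at the terminating NUL, s3 points at the closing delimiter) are easy to collapse again in a later cleanup. A short comment above the branch, for example "only step over the closing delimiter if there is one", would record why the increment is conditional and why `*pos = s3 - v` must never land past the end of the string. The commit also modifies only roff.c; adding the afl-found input (a string comparison with no mismatching character and no final delimiter) as a regression test would keep the overrun from coming back unnoticed.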