* [PR PATCH] Fix Out-of-Bounds Array Access in parse_parent
@ 2025-04-07 2:02 R3x
2025-04-07 10:10 ` [PR PATCH] [Closed]: " leahneukirchen
2025-04-07 10:10 ` leahneukirchen
0 siblings, 2 replies; 3+ messages in thread
From: R3x @ 2025-04-07 2:02 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 638 bytes --]
There is a new pull request by R3x against master on the mblaze repository
https://github.com/R3x/mblaze R3x-patch-1
https://github.com/leahneukirchen/mblaze/pull/269
Fix Out-of-Bounds Array Access in parse_parent
Hello, submitting a patch to a Out-of-Bounds Array Access that I found.
If the case `while (*s && iswsp(*s)) {` is not satisfied, the value of the variable `ident` remains 0.
This will make the access `previndent[ident - 1]` to `previndent[-1]` which will lead to undefined behaviour.
The patch adds a check before the call.
A patch file from https://github.com/leahneukirchen/mblaze/pull/269.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-R3x-patch-1-269.patch --]
[-- Type: text/x-diff, Size: 637 bytes --]
From 70f0548a256240465f4c9caa29e861861bc86af2 Mon Sep 17 00:00:00 2001
From: Siddharth M <siddharth.muralee@gmail.com>
Date: Sun, 6 Apr 2025 21:56:04 -0400
Subject: [PATCH] Fix bug in seq.c
---
seq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/seq.c b/seq.c
index 5d982846..e5fa0b17 100644
--- a/seq.c
+++ b/seq.c
@@ -326,7 +326,7 @@ parse_parent(char *map, long *starto, long *stopo)
indent = 255;
previndent[indent] = line;
if (line == *starto) {
- if (previndent[indent-1]) {
+ if (indent > 0 && previndent[indent-1]) {
*starto = *stopo = previndent[indent-1];
return 0;
} else {
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PR PATCH] [Closed]: Fix Out-of-Bounds Array Access in parse_parent
2025-04-07 2:02 [PR PATCH] Fix Out-of-Bounds Array Access in parse_parent R3x
@ 2025-04-07 10:10 ` leahneukirchen
2025-04-07 10:10 ` leahneukirchen
1 sibling, 0 replies; 3+ messages in thread
From: leahneukirchen @ 2025-04-07 10:10 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 503 bytes --]
There's a closed pull request on the mblaze repository
Fix Out-of-Bounds Array Access in parse_parent
https://github.com/leahneukirchen/mblaze/pull/269
Description:
Hello, submitting a patch to a Out-of-Bounds Array Access that I found.
If the case `while (*s && iswsp(*s)) {` is not satisfied, the value of the variable `ident` remains 0.
This will make the access `previndent[ident - 1]` to `previndent[-1]` which will lead to undefined behaviour.
The patch adds a check before the call.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Fix Out-of-Bounds Array Access in parse_parent
2025-04-07 2:02 [PR PATCH] Fix Out-of-Bounds Array Access in parse_parent R3x
2025-04-07 10:10 ` [PR PATCH] [Closed]: " leahneukirchen
@ 2025-04-07 10:10 ` leahneukirchen
1 sibling, 0 replies; 3+ messages in thread
From: leahneukirchen @ 2025-04-07 10:10 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 163 bytes --]
New comment by leahneukirchen on mblaze repository
https://github.com/leahneukirchen/mblaze/pull/269#issuecomment-2782804111
Comment:
Thanks, closed in 261fa34.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-04-07 10:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-04-07 2:02 [PR PATCH] Fix Out-of-Bounds Array Access in parse_parent R3x
2025-04-07 10:10 ` [PR PATCH] [Closed]: " leahneukirchen
2025-04-07 10:10 ` leahneukirchen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).