summaryrefslogtreecommitdiff
path: root/editors/sed.c
diff options
context:
space:
mode:
authorQuentin Rameau2018-04-01 19:49:58 +0200
committerDenys Vlasenko2018-04-01 19:51:14 +0200
commite2afae6303e871a31a061d03359cfcd5dd86c088 (patch)
tree40482184a4ff53ea4fd3439f96e0e7e967a075cc /editors/sed.c
parent2da9724b56169f00bd7fb6b9a11c9409a7620981 (diff)
downloadbusybox-e2afae6303e871a31a061d03359cfcd5dd86c088.zip
busybox-e2afae6303e871a31a061d03359cfcd5dd86c088.tar.gz
sed: prevent overflow of length from bb_get_chunk_from_file
This fragment did not work right: temp = bb_get_chunk_from_file(fp, &len); if (temp) { /* len > 0 here, it's ok to do temp[len-1] */ char c = temp[len-1]; With "int len" _sign-extending_, temp[len-1] can refer to a wrong location if len > 0x7fffffff. Signed-off-by: Quentin Rameau <quinq@fifth.space> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'editors/sed.c')
-rw-r--r--editors/sed.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/editors/sed.c b/editors/sed.c
index 9d800c2..4702208 100644
--- a/editors/sed.c
+++ b/editors/sed.c
@@ -988,7 +988,7 @@ static void flush_append(char *last_puts_char)
static char *get_next_line(char *gets_char, char *last_puts_char)
{
char *temp = NULL;
- int len;
+ size_t len;
char gc;
flush_append(last_puts_char);