diff options
author | Quentin Rameau | 2018-04-01 19:49:58 +0200 |
---|---|---|
committer | Denys Vlasenko | 2018-04-01 19:51:14 +0200 |
commit | e2afae6303e871a31a061d03359cfcd5dd86c088 (patch) | |
tree | 40482184a4ff53ea4fd3439f96e0e7e967a075cc /include | |
parent | 2da9724b56169f00bd7fb6b9a11c9409a7620981 (diff) | |
download | busybox-e2afae6303e871a31a061d03359cfcd5dd86c088.zip busybox-e2afae6303e871a31a061d03359cfcd5dd86c088.tar.gz |
sed: prevent overflow of length from bb_get_chunk_from_file
This fragment did not work right:
temp = bb_get_chunk_from_file(fp, &len);
if (temp) {
/* len > 0 here, it's ok to do temp[len-1] */
char c = temp[len-1];
With "int len" _sign-extending_, temp[len-1] can refer to a wrong location
if len > 0x7fffffff.
Signed-off-by: Quentin Rameau <quinq@fifth.space>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/libbb.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/libbb.h b/include/libbb.h index fa87843..309c587 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -911,7 +911,7 @@ extern void xprint_and_close_file(FILE *file) FAST_FUNC; * end of line. If end isn't NULL, length of the chunk is stored in it. * Returns NULL if EOF/error. */ -extern char *bb_get_chunk_from_file(FILE *file, int *end) FAST_FUNC; +extern char *bb_get_chunk_from_file(FILE *file, size_t *end) FAST_FUNC; /* Reads up to (and including) TERMINATING_STRING: */ extern char *xmalloc_fgets_str(FILE *file, const char *terminating_string) FAST_FUNC RETURNS_MALLOC; /* Same, with limited max size, and returns the length (excluding NUL): */ |