From e2afae6303e871a31a061d03359cfcd5dd86c088 Mon Sep 17 00:00:00 2001 From: Quentin Rameau Date: Sun, 1 Apr 2018 19:49:58 +0200 Subject: sed: prevent overflow of length from bb_get_chunk_from_file This fragment did not work right: temp = bb_get_chunk_from_file(fp, &len); if (temp) { /* len > 0 here, it's ok to do temp[len-1] */ char c = temp[len-1]; With "int len" _sign-extending_, temp[len-1] can refer to a wrong location if len > 0x7fffffff. Signed-off-by: Quentin Rameau Signed-off-by: Denys Vlasenko --- include/libbb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/libbb.h b/include/libbb.h index fa87843..309c587 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -911,7 +911,7 @@ extern void xprint_and_close_file(FILE *file) FAST_FUNC; * end of line. If end isn't NULL, length of the chunk is stored in it. * Returns NULL if EOF/error. */ -extern char *bb_get_chunk_from_file(FILE *file, int *end) FAST_FUNC; +extern char *bb_get_chunk_from_file(FILE *file, size_t *end) FAST_FUNC; /* Reads up to (and including) TERMINATING_STRING: */ extern char *xmalloc_fgets_str(FILE *file, const char *terminating_string) FAST_FUNC RETURNS_MALLOC; /* Same, with limited max size, and returns the length (excluding NUL): */ -- cgit v1.1