diff options
author | Chris Down <chris@chrisdown.name> | 2020-05-13 12:20:53 +0100 |
---|---|---|
committer | Hiltjo Posthuma <hiltjo@codemadness.org> | 2020-05-14 11:43:34 +0200 |
commit | 2649e8d5334f7e37a1710c60fb740ecfe91b9f9e (patch) | |
tree | 36d235c6bec798d085e776869470d87b6f8330bc /patches/sent-progress-bar-1.0.diff | |
parent | 72d33d463fed7ba271961a6f91cae1fed8faa454 (diff) |
Avoid out-of-bounds access when a slide input line begins with \0
If we read in a line with \0 at the beginning, blen will be 0. However,
we then try to index our copy of the buffer with
s->lines[s->linecount][blen-1], we'll read (and potentially write if the
data happens to be 0x0A) outside of strdup's allocated memory, and may
crash.
Fix this by just rejecting lines with a leading \0. Lines with nulls
embedded in other places don't invoke similar behaviour, since the
length is still >0.
Diffstat (limited to 'patches/sent-progress-bar-1.0.diff')
0 files changed, 0 insertions, 0 deletions