[CVE-2016-10713] Fix out-of-bounds access to lines in a patch
author JinWang An <jinwang.an@samsung.com>
Mon, 22 Feb 2021 09:47:06 +0000 (18:47 +0900)
committer JinWang An <jinwang.an@samsung.com>
Wed, 17 Mar 2021 04:22:31 +0000 (13:22 +0900)
This bug can trigger with malformed patches.
* src/pch.c (pch_write_line): Avoid out-of-bounds access to
p_line[line][p_len[line] - 1] when p_len[line] is 0.

Change-Id: I9e82bc52555b7de139535280fe96d1a31d196176
Signed-off-by: JinWang An <jinwang.an@samsung.com>
src/pch.c

index f958b1924b46f56c109e535f07973463ebaa275d..0d7769c40460c658059a5deeabdcde61614fdb79 100644 (file)
--- a/src/pch.c
+++ b/src/pch.c
@@ -2243,7 +2243,7 @@ pfetch (lin line)
 bool
 pch_write_line (lin line, FILE *file)
 {
-  bool after_newline = p_line[line][p_len[line] - 1] == '\n';
+  bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
   if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
     write_fatal ();
   return after_newline;
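Review bot: the new `p_len[line] > 0` guard in pch_write_line removes the read of p_line[line][-1], but the unchanged check right after it, `if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))`, still sees the zero-length case. fwrite returns 0 when asked to write 0 items, so an empty line from a malformed patch now reaches write_fatal () and is reported as a write error rather than as bad input. If that is the intended outcome, a short comment saying so would help. Otherwise, return false early when p_len[line] is 0, or compare fwrite's result against p_len[line] so that only a short write counts as fatal. A regression test that feeds a patch producing a zero-length line would pin down whichever behaviour is chosen.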