From: JinWang An <jinwang.an@samsung.com>
Date: Mon, 22 Feb 2021 09:47:06 +0000 (+0900)
Subject: [CVE-2016-10713] Fix out-of-bounds access to lines in a patch
X-Git-Tag: submit/tizen_base/20210317.042922^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Fbackup%2Fpatch-2.7-20220120;p=platform%2Fupstream%2Fpatch.git

[CVE-2016-10713] Fix out-of-bounds access to lines in a patch

This bug can trigger with malformed patches.
* src/pch.c (pch_write_line): Avoid out-of-bounds access to
p_line[line][p_len[line] - 1] when p_len[line] is 0.

Change-Id: I9e82bc52555b7de139535280fe96d1a31d196176
Signed-off-by: JinWang An <jinwang.an@samsung.com>
---

diff --git a/src/pch.c b/src/pch.c
index f958b19..0d7769c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2243,7 +2243,7 @@ pfetch (lin line)
 bool
 pch_write_line (lin line, FILE *file)
 {
-  bool after_newline = p_line[line][p_len[line] - 1] == '\n';
+  bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
   if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
     write_fatal ();
   return after_newline;