From 583592684cdaff9c7832c669656d5614f398af01 Mon Sep 17 00:00:00 2001
From: JinWang An <jinwang.an@samsung.com>
Date: Mon, 22 Feb 2021 18:47:06 +0900
Subject: [PATCH] [CVE-2016-10713] Fix out-of-bounds access to lines in a patch

This bug can trigger with malformed patches.
* src/pch.c (pch_write_line): Avoid out-of-bounds access to
p_line[line][p_len[line] - 1] when p_len[line] is 0.

Change-Id: I9e82bc52555b7de139535280fe96d1a31d196176
Signed-off-by: JinWang An <jinwang.an@samsung.com>
---
 src/pch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pch.c b/src/pch.c
index f958b19..0d7769c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2243,7 +2243,7 @@ pfetch (lin line)
 bool
 pch_write_line (lin line, FILE *file)
 {
-  bool after_newline = p_line[line][p_len[line] - 1] == '\n';
+  bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
   if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
     write_fatal ();
   return after_newline;
-- 
2.34.1