From 129b7e2b444376765754edb87100b8b6ab552276 Mon Sep 17 00:00:00 2001 From: Jim Warner Date: Fri, 18 May 2018 00:00:00 -0500 Subject: [PATCH] top: Prevent out-of-bounds writes in PUFF(). __Tweaked This commit moves some overhead to the Batch mode path where it's needed. And given the new 'else if' test we can delete some now redundant logic in the other path. Reference(s): . original qualys patch 0117-top-Prevent-out-of-bounds-writes-in-PUFF.patch commit 059ae8b512151c6390ec8430533555979cf2f183 Signed-off-by: Jim Warner --- top/top.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/top/top.h b/top/top.h index 205b3d28..54b1e0d6 100644 --- a/top/top.h +++ b/top/top.h @@ -546,14 +546,13 @@ typedef struct WIN_t { . assumed to represent a complete screen ROW . subject to optimization, thus MAY be discarded */ #define PUFF(fmt,arg...) do { \ - char _str[ROWMAXSIZ], *_eol; \ + char _str[ROWMAXSIZ]; \ const int _len = snprintf(_str, sizeof(_str), fmt, ## arg); \ - _eol = _str + (_len < 0 ? 0 : (size_t)_len >= sizeof(_str) ? sizeof(_str)-1 : (size_t)_len); \ if (Batch) { \ + char *_eol = _str + (_len < 0 ? 0 : (size_t)_len >= sizeof(_str) ? sizeof(_str)-1 : (size_t)_len); \ while (_eol > _str && _eol[-1] == ' ') _eol--; *_eol = '\0'; putp(_str); } \ else if (Pseudo_row >= 0 && Pseudo_row < Screen_rows) { \ - char *_ptr = &Pseudo_screen[Pseudo_row * ROWMAXSIZ]; \ - if (Pseudo_row + 1 < Screen_rows) ++Pseudo_row; \ + char *_ptr = &Pseudo_screen[Pseudo_row++ * ROWMAXSIZ]; \ if (!strcmp(_ptr, _str)) putp("\n"); \ else { \ strcpy(_ptr, _str); \