From bd91bbf7f12fe34dd1369466c9c2f8d685d3d2fd Mon Sep 17 00:00:00 2001 From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 Subject: [PATCH] top: Check i when setting Curwin in config_file(). Otherwise it leads to out-of-bounds reads (and maybe writes). --- top/top.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/top/top.c b/top/top.c index 1b5afeec..3a92544e 100644 --- a/top/top.c +++ b/top/top.c @@ -3689,6 +3689,8 @@ static const char *config_file (FILE *fp, const char *name, float *delay) { if (Rc.id < 'a' || Rc.id > RCF_VERSION_ID) return p; // you saw that, right? (fscanf stickin' it to 'i') + if (i < 0 || i >= GROUPSMAX) + return p; Curwin = &Winstk[i]; // this may be ugly, but it keeps us locale independent... *delay = (float)tmp_whole + (float)tmp_fract / 1000;