top: Prevent buffer overflow in calibrate_fields().
pflgsall[] can contain PFLAGSSIZ = 100 elements, each iteration of the loop can write 3 elements to pflgsall[], and there are EU_MAXPFLGS = 58 iterations: a buffer overflow (it can be triggered via the configuration file, for example, by filling "fieldscur" with the "sortindx" flag).
This commit is contained in:
parent
a71ac048e6
commit
c424a64331
@ -2143,12 +2143,13 @@ static void calibrate_fields (void) {
|
|||||||
w->hdrcaplen = 0; // really only used with USE_X_COLHDR
|
w->hdrcaplen = 0; // really only used with USE_X_COLHDR
|
||||||
// build window's pflgsall array, establish upper bounds for maxpflgs
|
// build window's pflgsall array, establish upper bounds for maxpflgs
|
||||||
for (i = 0, w->totpflgs = 0; i < EU_MAXPFLGS; i++) {
|
for (i = 0, w->totpflgs = 0; i < EU_MAXPFLGS; i++) {
|
||||||
if (FLDviz(w, i)) {
|
if (FLDviz(w, i) && w->totpflgs < PFLAGSSIZ) {
|
||||||
f = FLDget(w, i);
|
f = FLDget(w, i);
|
||||||
#ifdef USE_X_COLHDR
|
#ifdef USE_X_COLHDR
|
||||||
w->pflgsall[w->totpflgs++] = f;
|
w->pflgsall[w->totpflgs++] = f;
|
||||||
#else
|
#else
|
||||||
if (CHKw(w, Show_HICOLS) && f == w->rc.sortindx) {
|
if (CHKw(w, Show_HICOLS) && f == w->rc.sortindx &&
|
||||||
|
w->totpflgs <= PFLAGSSIZ - 3) {
|
||||||
w->pflgsall[w->totpflgs++] = EU_XON;
|
w->pflgsall[w->totpflgs++] = EU_XON;
|
||||||
w->pflgsall[w->totpflgs++] = f;
|
w->pflgsall[w->totpflgs++] = f;
|
||||||
w->pflgsall[w->totpflgs++] = EU_XOF;
|
w->pflgsall[w->totpflgs++] = EU_XOF;
|
||||||
|
Loading…
Reference in New Issue
Block a user