ps/sortformat.c: Catch negative width in format_parse().
The existing strspn() check guarantees that the string contains no '-' but atoi() does not catch errors, especially not integer overflows.
This commit is contained in:
parent
db00f54f4a
commit
cde22815af
@ -271,7 +271,7 @@ static const char *format_parse(sf_node *sfn){
|
|||||||
if(colon_loc){ /* if width override */
|
if(colon_loc){ /* if width override */
|
||||||
*colon_loc = '\0';
|
*colon_loc = '\0';
|
||||||
colon_loc++;
|
colon_loc++;
|
||||||
if(strspn(colon_loc,"0123456789") != strlen(colon_loc) || *colon_loc=='0' || !*colon_loc){
|
if(strspn(colon_loc,"0123456789") != strlen(colon_loc) || *colon_loc=='0' || !*colon_loc || atoi(colon_loc) <= 0){
|
||||||
free(buf);
|
free(buf);
|
||||||
goto badwidth;
|
goto badwidth;
|
||||||
}
|
}
|
||||||
@ -296,6 +296,7 @@ static const char *format_parse(sf_node *sfn){
|
|||||||
}
|
}
|
||||||
// FIXME: enforce signal width to 8, 9, or 16 (grep: SIGNAL wide_signals)
|
// FIXME: enforce signal width to 8, 9, or 16 (grep: SIGNAL wide_signals)
|
||||||
fnode->width = atoi(colon_loc); // already verified to be a number
|
fnode->width = atoi(colon_loc); // already verified to be a number
|
||||||
|
if(fnode->width <= 0) catastrophic_failure(__FILE__, __LINE__, _("please report this bug"));
|
||||||
}
|
}
|
||||||
endp = fnode; while(endp->next) endp = endp->next; /* find end */
|
endp = fnode; while(endp->next) endp = endp->next; /* find end */
|
||||||
endp->next = sfn->f_cooked;
|
endp->next = sfn->f_cooked;
|
||||||
|
Loading…
Reference in New Issue
Block a user