From db00f54f4a3f2ae21a1e8e401e6b01968a88c514 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] ps/sortformat.c: Double-check chars in verify_short_sort().

To avoid an out-of-bounds access at checkoff[tmp]. The strspn() at the beginning of the function protects against it already, but double-check this in case of some future change.
---
 ps/sortformat.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ps/sortformat.c b/ps/sortformat.c
index ace5fa70..1594da62 100644
--- a/ps/sortformat.c
+++ b/ps/sortformat.c
@@ -428,6 +428,7 @@ static const char *verify_short_sort(const char *arg){
 walk = arg;
 for(;;){
 tmp = *walk;
+ if(tmp < 0 || (size_t)tmp >= sizeof(checkoff)) return _("bad sorting code");
 switch(tmp){
 case '\0':
 return NULL; /* looks good */
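Review bot: The bound in the added line compares `tmp` against `sizeof(checkoff)`, which is a byte count and equals the number of elements only while `checkoff` is an array of one-byte elements; its declaration is outside the hunk, so that cannot be confirmed here. Because the commit is meant to keep `checkoff[tmp]` in bounds after future changes, an element count is the safer form: `if(tmp < 0 || (size_t)tmp >= sizeof(checkoff)/sizeof(checkoff[0])) return _("bad sorting code");`. A short comment such as `/* defensive: strspn() above already rejects these bytes */` would also keep a later cleanup from removing the check as dead code. The `tmp < 0` half only has an effect if `tmp` is a signed type and plain char is signed on the target, which likewise depends on declarations outside the hunk.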