fyb/calcurse-edge
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix out of bounds memory access (off by one)

Browse Source 
If fgets reads a line that only contains a `\n`, then the pointer `eol`
will point to the first byte in that buffer. The subsequent dereference
of `*(eol -1 )` will access the byte before that buffer.

This fix makes sure that that length of the current line read by fgets
is at least 2 bytes long.

Signed-off-by: Max Kunzelmann <max@mxzero.net>
Signed-off-by: Lukas Fleischer <lfleischer@calcurse.org>
This commit is contained in:
Max Kunzelmann 2023-11-11 21:28:03 +01:00 committed by Lukas Fleischer
parent 80cd8af956
commit aa5ff07b61
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ical.c
View File

@ -691,7 +691,7 @@ static int ical_readline(FILE * fdi, char *buf, char *lstore, unsigned *ln)
while (fgets(lstore, BUFSIZ, fdi) != NULL) {
(*ln)++;
if ((eol = strchr(lstore, '\n')) != NULL) {
if (*(eol - 1) == '\r')
if (strlen(lstore) > 1 && *(eol - 1) == '\r')
*(eol - 1) = '\0';
else
*eol = '\0';