diff options
author | kevans <kevans@FreeBSD.org> | 2018-01-18 21:46:42 +0000 |
---|---|---|
committer | kevans <kevans@FreeBSD.org> | 2018-01-18 21:46:42 +0000 |
commit | 74eac5ce4a8596f71ab65a2a416dca94cdb17fe7 (patch) | |
tree | 546e3ca4a26dd3f080f071825f2747c8ef2ac0c3 /usr.bin | |
parent | f1935666e0471636cfda55938bd57fff70648277 (diff) | |
download | FreeBSD-src-74eac5ce4a8596f71ab65a2a416dca94cdb17fe7.zip FreeBSD-src-74eac5ce4a8596f71ab65a2a416dca94cdb17fe7.tar.gz |
MFC r324431: patch(1): Don't overrun line buffer in some cases
Patches like file.txt attached to PR 190195 with a final line formed
like ">(EOL)" could cause a copy past the end of the current line buffer. In
the case of PR 191641, this caused a duplicate line to be copied into the
resulting file.
Instead of running past the end, treat it as if it were a blank line.
PR: 191641
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/patch/pch.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/patch/pch.c b/usr.bin/patch/pch.c index 95853b5..eb6285c 100644 --- a/usr.bin/patch/pch.c +++ b/usr.bin/patch/pch.c @@ -1125,7 +1125,12 @@ hunk_done: if (*buf != '>') fatal("> expected at line %ld of patch\n", p_input_line); - p_line[i] = savestr(buf + 2); + /* Don't overrun if we don't have enough line */ + if (len > 2) + p_line[i] = savestr(buf + 2); + else + p_line[i] = savestr(""); + if (out_of_mem) { p_end = i - 1; return false; |