MFC r324431: patch(1): Don't overrun line buffer in some cases

Patches like file.txt attached to PR 190195 with a final line formed like ">(EOL)" could cause a copy past the end of the current line buffer. In the case of PR 191641, this caused a duplicate line to be copied into the resulting file. Instead of running past the end, treat it as if it were a blank line. PR: 191641
author: kevans <kevans@FreeBSD.org> 2018-01-18 21:46:42 +0000
committer: kevans <kevans@FreeBSD.org> 2018-01-18 21:46:42 +0000
commit: 74eac5ce4a8596f71ab65a2a416dca94cdb17fe7 (patch)
tree: 546e3ca4a26dd3f080f071825f2747c8ef2ac0c3 /usr.bin
parent: f1935666e0471636cfda55938bd57fff70648277 (diff)
download: FreeBSD-src-74eac5ce4a8596f71ab65a2a416dca94cdb17fe7.zip
FreeBSD-src-74eac5ce4a8596f71ab65a2a416dca94cdb17fe7.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/patch/pch.c b/usr.bin/patch/pch.c
index 95853b5..eb6285c 100644
--- a/usr.bin/patch/pch.c
+++ b/usr.bin/patch/pch.c
@@ -1125,7 +1125,12 @@ hunk_done:
 			if (*buf != '>')
 				fatal("> expected at line %ld of patch\n",
 				    p_input_line);
-			p_line[i] = savestr(buf + 2);
+			/* Don't overrun if we don't have enough line */
+			if (len > 2)
+				p_line[i] = savestr(buf + 2);
+			else
+				p_line[i] = savestr("");
+
 			if (out_of_mem) {
 				p_end = i - 1;
 				return false;
author	kevans <kevans@FreeBSD.org>	2018-01-18 21:46:42 +0000
committer	kevans <kevans@FreeBSD.org>	2018-01-18 21:46:42 +0000
commit	74eac5ce4a8596f71ab65a2a416dca94cdb17fe7 (patch)
tree	546e3ca4a26dd3f080f071825f2747c8ef2ac0c3 /usr.bin
parent	f1935666e0471636cfda55938bd57fff70648277 (diff)
download	FreeBSD-src-74eac5ce4a8596f71ab65a2a416dca94cdb17fe7.zip FreeBSD-src-74eac5ce4a8596f71ab65a2a416dca94cdb17fe7.tar.gz