]> granicus.if.org Git - procps-ng/commitdiff
0098-top: Check i when setting Curwin in config_file().
authorQualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committerCraig Small <csmall@enc.com.au>
Sat, 9 Jun 2018 11:35:19 +0000 (21:35 +1000)
Otherwise it leads to out-of-bounds reads (and maybe writes).

top/top.c

index e13feb6224a5545dc700b1b86bd456c4959e0a37..cf4c0744eb641078726c4265308d6b708496cc84 100644 (file)
--- a/top/top.c
+++ b/top/top.c
@@ -3225,6 +3225,8 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
    if (Rc.id < 'a' || Rc.id > RCF_VERSION_ID)
       return p;
    // you saw that, right?  (fscanf stickin' it to 'i')
+   if (i < 0 || i >= GROUPSMAX)
+      return p;
    Curwin = &Winstk[i];
    // this may be ugly, but it keeps us locale independent...
    *delay = (float)tmp_whole + (float)tmp_fract / 1000;