]> granicus.if.org Git - procps-ng/commitdiff
projects / procps-ng / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d5442e1)
tload: Prevent a buffer overflow when row equals nrows.
authorQualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committerCraig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)
When max_scale is very small, scale_fact is very small, row is equal to
nrows, p points outside screen, and the write to *p is out-of-bounds.

tload.c patch | blob | history

diff --git a/tload.c b/tload.c
index 29e6a8ffbfc35888104171222a30d62e309f9cea..4b925e3705f466f64187ef13df5f5fa77ee3cfa9 100644 (file)
--- a/tload.c
+++ b/tload.c
@@ -190,7 +190,7 @@ int main(int argc, char **argv)
                for (i = 1;; ++i) {
                        char *p;
                        row = nrows - (i * scale_fact);
-                       if (row < 0)
+                       if (row < 0 || row >= nrows)
                                break;
                        if (*(p = screen + row * ncols + col) == ' ')
                                *p = '-';
Unnamed repository; edit this file 'description' to name the repository.