ps/sortformat.c: Handle large width in aix_format_parse().

author Qualys Security Advisory <qsa@qualys.com>

Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)

committer Craig Small <csmall@enc.com.au>

Fri, 18 May 2018 21:32:22 +0000 (07:32 +1000)
author Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer Craig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:22 +0000 (07:32 +1000)
diff --git a/ps/sortformat.c b/ps/sortformat.c

index 81b737ce9ead9d451d71e4b0cecdfaca08f79425..08cc71fe7b372b61c87414727e33b8c6b235f9e5 100644 (file)
--- a/ps/sortformat.c
+++ b/ps/sortformat.c
@@ -22,6 +22,7 @@
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
+#include <limits.h>
  
  #include <sys/types.h>
  
@@ -172,7 +173,7 @@ static const char *aix_format_parse(sf_node *sfn){
          return _("AIX field descriptor processing bug");
        }
      } else {
-      int len;
+      size_t len;
        len = strcspn(walk, "%");
        memcpy(buf,walk,len);
        if(0){
@@ -183,7 +184,7 @@ double_percent:
        buf[len] = '\0';
        walk += len;
        fnode = malloc(sizeof(format_node));
-      fnode->width = len;
+      fnode->width = len < INT_MAX ? len : INT_MAX;
        fnode->name = strdup(buf);
        fnode->pr = NULL;     /* checked for */
        fnode->need = 0;
author	Qualys Security Advisory <qsa@qualys.com>
	Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer	Craig Small <csmall@enc.com.au>
	Fri, 18 May 2018 21:32:22 +0000 (07:32 +1000)