From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000)
Subject: tload: Prevent a buffer overflow when row equals nrows.
X-Git-Tag: v3.3.15~128
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4c346cf594377e53aa777ea8cfd2030eaa163330;p=procps-ng

tload: Prevent a buffer overflow when row equals nrows.

When max_scale is very small, scale_fact is very small, row is equal to
nrows, p points outside screen, and the write to *p is out-of-bounds.
---

diff --git a/tload.c b/tload.c
index 29e6a8ff..4b925e37 100644
--- a/tload.c
+++ b/tload.c
@@ -190,7 +190,7 @@ int main(int argc, char **argv)
 		for (i = 1;; ++i) {
 			char *p;
 			row = nrows - (i * scale_fact);
-			if (row < 0)
+			if (row < 0 || row >= nrows)
 				break;
 			if (*(p = screen + row * ncols + col) == ' ')
 				*p = '-';