From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000) Subject: skill: Fix double-increment of pid_count. X-Git-Tag: v3.3.15~116 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=56e696ca5f64de52c25727810321f249bfe5587e;p=procps-ng skill: Fix double-increment of pid_count. No need to "pid_count++;" because "ENLIST(pid," does it already. Right now this can trigger a heap-based buffer overflow. Also, remove the unneeded "pid_count = 0;" (it is static, and skillsnice_parse() is called only once; and the other *_count variables are not initialized explicitly either).
---
diff --git a/skill.c b/skill.c
index 08043c1b..012f5a11 100644
--- a/skill.c
+++ b/skill.c
@@ -595,8 +595,6 @@ static void skillsnice_parse(int argc,
 sig_or_pri = signo;
 }
- pid_count = 0;
-
 while ((ch = getopt_long(argc, argv, "c:dfilnp:Lt:u:vwhV", longopts, NULL)) != -1)
@@ -623,7 +621,6 @@ static void skillsnice_parse(int argc,
 ENLIST(pid, strtol_or_err(optarg, _("failed to parse argument")));
- pid_count++;
 break;
 case 'L': pretty_print_signals();
@@ -692,7 +689,6 @@ static void skillsnice_parse(int argc,
 num = strtol(argv[0], &end, 10);
 if (errno == 0 && argv[0] != end && end != NULL && *end == '\0') {
 ENLIST(pid, num);
- pid_count++;
 } else {
 ENLIST(cmd, argv[0]);
 }
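Review bot: Once the explicit increments are gone, the two `ENLIST(pid, ...)` call sites (hunks at -623 and -692) depend entirely on the macro advancing `pid_count`, and nothing in the code says so; the macro's definition lies outside this diff, so its growth and bounds handling cannot be confirmed from here. A short comment at the macro or at each call site, for example `/* ENLIST() advances pid_count itself; do not increment it again */`, would keep the double increment from being reintroduced. Separately, in the hunk at -692 the `errno == 0` test is only meaningful if `errno` is cleared immediately before `strtol()`; that assignment is not visible in the context lines, so it is worth confirming. skillsnice_parse begins and ends outside all three hunks.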