From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000)
Subject: ps/sortformat.c: Handle large width in aix_format_parse().
X-Git-Tag: v3.3.15~76
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bb89dad86705422844c00d9d1e6017f168422ef4;p=procps-ng

ps/sortformat.c: Handle large width in aix_format_parse().

Unlikely to ever happen, since it would imply a very large string, but
better safe than sorry.
---

diff --git a/ps/sortformat.c b/ps/sortformat.c
index 81b737ce..08cc71fe 100644
--- a/ps/sortformat.c
+++ b/ps/sortformat.c
@@ -22,6 +22,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 
 #include <sys/types.h>
 
@@ -172,7 +173,7 @@ static const char *aix_format_parse(sf_node *sfn){
         return _("AIX field descriptor processing bug");
       }
     } else {
-      int len;
+      size_t len;
       len = strcspn(walk, "%");
       memcpy(buf,walk,len);
       if(0){
@@ -183,7 +184,7 @@ double_percent:
       buf[len] = '\0';
       walk += len;
       fnode = malloc(sizeof(format_node));
-      fnode->width = len;
+      fnode->width = len < INT_MAX ? len : INT_MAX;
       fnode->name = strdup(buf);
       fnode->pr = NULL;     /* checked for */
       fnode->need = 0;