From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 (+0000) Subject: 0066-ps/sortformat.c: Handle large width in aix_format_parse(). X-Git-Tag: v4.0.0~531 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f212e552d7d9454b023c95ab9937cd512bc3d673;p=procps-ng 0066-ps/sortformat.c: Handle large width in aix_format_parse(). Unlikely to ever happen, since it would imply a very large string, but better safe than sorry. ---------------------------- adapted for newlib branch . now uses 'xmalloc' vs. unchecked stdlib 'malloc' . the member 'need' was removed from 'format_node' Signed-off-by: Jim Warner --- diff --git a/ps/sortformat.c b/ps/sortformat.c index a96ef38e..8fe09924 100644 --- a/ps/sortformat.c +++ b/ps/sortformat.c @@ -22,6 +22,7 @@ #include #include #include +#include #include @@ -171,7 +172,7 @@ static const char *aix_format_parse(sf_node *sfn){ return _("AIX field descriptor processing bug"); } } else { - int len; + size_t len; len = strcspn(walk, "%"); memcpy(buf,walk,len); if(0){ @@ -182,7 +183,7 @@ double_percent: buf[len] = '\0'; walk += len; fnode = xmalloc(sizeof(format_node)); - fnode->width = len; + fnode->width = len < INT_MAX ? len : INT_MAX; fnode->name = strdup(buf); fnode->pr = NULL; /* checked for */ fnode->vendor = AIX;