From 2fabc50998e822d548315d49aae8ab11b20ea198 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0110-top: Prevent integer overflows in config_file() and other_selection().
---
 top/top.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/top/top.c b/top/top.c
index 69719b07..c5388340 100644
--- a/top/top.c
+++ b/top/top.c
@@ -3303,6 +3303,9 @@ error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
 size_t lraw = strlen(Inspect.raw) +1;
 char *s;
+ if (i < 0 || (size_t)i >= INT_MAX / sizeof(struct I_ent)) break;
+ if (lraw >= INT_MAX - sizeof(fbuf)) break;
+
 if (!fgets(fbuf, sizeof(fbuf), fp)) break;
 lraw += strlen(fbuf) +1;
 Inspect.raw = alloc_r(Inspect.raw, lraw);
@@ -4165,6 +4168,9 @@ static void other_selection (int ch) {
 , inc ? N_txt(WORD_include_txt) : N_txt(WORD_exclude_txt)));
 return;
 }
+ if (Curwin->osel_prt && strlen(Curwin->osel_prt) >= INT_MAX - (sizeof(raw) + 6)) {
+ return;
+ }
 osel = alloc_c(sizeof(struct osel_s));
 osel->inc = inc;
 osel->enu = enu;
--
2.40.0
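Review bot: The two new guards in config_file() leave the loop with a bare `break`, which is the same exit the following `fgets` takes at end of file, so an rcfile that hits the cap is indistinguishable from one that simply ended. The remaining inspection entries are dropped with no diagnostic. The guards also carry no comment saying which later computation they protect; the `i` bound presumably covers an `(i + 1) * sizeof(struct I_ent)` allocation further down, which is outside this hunk and should be confirmed. I would add `/* cap entry count and raw length so the size arithmetic below stays under INT_MAX */` above them and consider reporting the truncation to the user. The enclosing loop starts and ends outside the hunk.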
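Review bot: The constant `6` in `INT_MAX - (sizeof(raw) + 6)` is unexplained, so a reader cannot check the bound against whatever is later appended to `Curwin->osel_prt`; that code is outside this hunk. A one-line comment such as `/* refuse if osel_prt plus one more entry (raw plus 6 bytes of framing) could reach INT_MAX */` would make the guard auditable, with the framing breakdown filled in from the code that builds the string. The new rejection also returns silently, while the rejection just above it in the visible context appears to build a message from `N_txt(...)` before its `return`. Giving the user the same kind of feedback here would keep the two error paths consistent.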