svn commit: r334083 - head/usr.bin/cut
Eitan Adler
eadler at FreeBSD.org
Wed May 23 09:16:22 UTC 2018
Author: eadler
Date: Wed May 23 09:16:20 2018
New Revision: 334083
URL: https://svnweb.freebsd.org/changeset/base/334083
Log:
cut: Fix out of boundary write on illegal list argument
It is possible to trigger an out of boundary write in cut if an invalid
range with autostart has been supplied.
PR: 227330
Submitted by: tobias at stoeckmann.org
Modified:
head/usr.bin/cut/cut.c
Modified: head/usr.bin/cut/cut.c
==============================================================================
--- head/usr.bin/cut/cut.c Wed May 23 09:02:31 2018 (r334082)
+++ head/usr.bin/cut/cut.c Wed May 23 09:16:20 2018 (r334083)
@@ -210,6 +210,12 @@ get_list(char *list)
needpos(maxval + 1);
}
+ /* reversed range with autostart */
+ if (maxval < autostart) {
+ maxval = autostart;
+ needpos(maxval + 1);
+ }
+
/* set autostart */
if (autostart)
memset(positions + 1, '1', autostart);
More information about the svn-src-head
mailing list