Fix an out-of-bounds read in fgetline().

Forgot that a zero-length string might have come back from fgets. Thanks to Hanno Böck for spotting this, with the aid of AFL.
FauxFaux · Nov 10, 2015 · 5815d6a · 5815d6a
1 parent fa7b23c
commit 5815d6a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/misc.c b/misc.c
@@ -460,7 +460,7 @@ char *fgetline(FILE *fp)
     int size = 512, len = 0;
     while (fgets(ret + len, size - len, fp)) {
 	len += strlen(ret + len);
-	if (ret[len-1] == '\n')
+	if (len > 0 && ret[len-1] == '\n')
 	    break;		       /* got a newline, we're done */
 	size = len + 512;
 	ret = sresize(ret, size, char);