Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
batch: Fix crash caused by calling post_func on unused batch entries
A null pointer dereference could happen when running with more threads
than there were rows in the image, leading to denial of service (crash).
Reported by @Han0nly via huntr.dev.
  • Loading branch information
hpjansson committed May 29, 2022
1 parent e35dbd3 commit 3497f45
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions chafa/internal/chafa-batch.c
Expand Up @@ -82,7 +82,12 @@ chafa_process_batches (gpointer ctx, GFunc batch_func, GFunc post_func, gint n_r
}

if (row_ofs [0] >= row_ofs [1])
{
/* Save the number of batches actually produced to use in
* post_func loop later. */
n_batches = i;
break;
}

batch = &batches [i++];
batch->first_row = row_ofs [0];
Expand Down

0 comments on commit 3497f45

Please sign in to comment.