Fix a buffer overflow issue with fuzzer-generated code (Issue #5)

michaelrsweet · Jul 3, 2019 · 19532db · 19532db
1 parent 978192e
commit 19532db
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -20,8 +20,8 @@ CC	=	gcc
 CFLAGS	=	$(OPTIM) -Wall '-DVERSION="$(VERSION)"' $(OPTIONS)
 LDFLAGS	=	$(OPTIM)
 LIBS	=	-lmxml -lz -lm
-OPTIM	=	-Os -g
-#OPTIM	=	-g -fsanitize=address
+#OPTIM	=	-Os -g
+OPTIM	=	-g -fsanitize=address
 OPTIONS	=
 #OPTIONS	=	-DDEBUG=1
 

diff --git a/README.md b/README.md
@@ -18,6 +18,7 @@ Changes in v3.2
 
 - The default HTML stylesheet no longer puts an outline box around monospaced
   text (Issue #2)
+- Fixed a buffer overflow issue with fuzzer-generated "code" (Issue #5)
 - Now use the base name of the cover image filename in HTML output.
 - Fixed some markdown parsing issues.
 

diff --git a/codedoc.c b/codedoc.c
@@ -854,7 +854,7 @@ add_variable(mxml_node_t *parent,	/* I - Parent node */
     {
       string = mxmlGetText(node, &whitespace);
 
-      if (whitespace && bufptr > buffer)
+      if (whitespace && bufptr > buffer && bufptr < (buffer + sizeof(buffer) - 1))
 	*bufptr++ = ' ';
 
       strlcpy(bufptr, string, sizeof(buffer) - (size_t)(bufptr - buffer));