Skip to content
Permalink
Browse files Browse the repository at this point in the history
Do not write after the end of the array and overwrite the stack when
colon-separated SGR sequences contain empty arguments. Reported by Sergey
Nizovtsev.
  • Loading branch information
nicm committed Oct 29, 2020
1 parent b33a302 commit a868bac
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion input.c
Expand Up @@ -1976,8 +1976,13 @@ input_csi_dispatch_sgr_colon(struct input_ctx *ictx, u_int i)
free(copy);
return;
}
} else
} else {
n++;
if (n == nitems(p)) {
free(copy);
return;
}
}
log_debug("%s: %u = %d", __func__, n - 1, p[n - 1]);
}
free(copy);
Expand Down

1 comment on commit a868bac

@jzmexec
Copy link

@jzmexec jzmexec commented on a868bac Dec 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In line 1981. Is the ">=" condition better here? @nicm

Please sign in to comment.