[7656] tag_expand add extra argument
From: gavinsmith0123
Subject: [7656] tag_expand add extra argument
Date: Mon, 30 Jan 2017 14:26:06 -0500 (EST)
Revision: 7656
http://svn.sv.gnu.org/viewvc/?view=rev&root=texinfo&revision=7656
Author: gavin
Date: 2017-01-30 14:26:05 -0500 (Mon, 30 Jan 2017)
Log Message:
-----------
tag_expand add extra argument
Modified Paths:
--------------
trunk/ChangeLog
trunk/info/info-utils.c
trunk/info/tag.c
trunk/info/tag.h
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2017-01-30 19:03:49 UTC (rev 7655)
+++ trunk/ChangeLog 2017-01-30 19:26:05 UTC (rev 7656)
@@ -1,3 +1,10 @@
+2017-01-30 Gavin Smith <address@hidden>
+
+ * info/tag.c (tag_expand): Take a pointer as an argument
+ pointing to the end of the buffer that is being processed, and
+ check against this pointer to make sure we don't read too far.
+ Invalid read reported by Hanno B\xF6ck.
+
2017-01-29 Jason Hood <address@hidden>
* info/pcterm.c
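Review bot: The new ChangeLog entry names only info/tag.c (tag_expand), but this revision also changes the call in info/info-utils.c and the prototype in info/tag.h. Listing those two files in the entry would let someone tracing the invalid-read fix from the ChangeLog find every place the signature changed.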
Modified: trunk/info/info-utils.c
===================================================================
--- trunk/info/info-utils.c 2017-01-30 19:03:49 UTC (rev 7655)
+++ trunk/info/info-utils.c 2017-01-30 19:26:05 UTC (rev 7656)
@@ -1530,7 +1530,7 @@
text_buffer_init (expansion);
- if (tag_expand (&p1, expansion, in_index))
+ if (tag_expand (&p1, input_start + input_length, expansion, in_index))
{
if (*in_index)
node->flags |= N_IsIndex;
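Review bot: The end pointer passed here, input_start + input_length, is only as good as input_length, and neither variable's definition is visible in this hunk. The new checks in tag_expand compare against this pointer with a fixed offset of 3, so it is worth confirming (and saying in a comment at this call) whether input_length counts the terminating null or stops just before it, since that decides which bytes the checks treat as readable.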
Modified: trunk/info/tag.c
===================================================================
--- trunk/info/tag.c 2017-01-30 19:03:49 UTC (rev 7655)
+++ trunk/info/tag.c 2017-01-30 19:26:05 UTC (rev 7656)
@@ -204,9 +204,12 @@
/* Expand \b[...\b] construct at *INPUT. If encountered, append the
expanded text to OUTBUF, advance *INPUT past the tag, and return 1.
- Otherwise, return 0. If it is an index tag, set IS_INDEX to 1. */
+ Otherwise, return 0. If it is an index tag, set IS_INDEX to 1.
+ *INPUT points into a null-terminated area which may however contain other
+ null characters. INPUT_END points to the end of this area. */
int
-tag_expand (char **input, struct text_buffer *outbuf, int *is_index)
+tag_expand (char **input, char *input_end,
+ struct text_buffer *outbuf, int *is_index)
{
char *p = *input;
char *q;
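Review bot: The added comment says INPUT_END "points to the end of this area" without saying whether that is the address of the terminating null or one past it. The bounds tests added further down depend on that choice to the byte, so the comment should state it exactly, for example "INPUT_END points to the terminating null of this area".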
@@ -213,12 +216,14 @@
size_t len;
struct tag_handler *tp;
- if (memcmp(p, "\0\b[", 3) != 0) /* opening magic? */
+ if (p >= input_end - 3
+ || memcmp(p, "\0\b[", 3) != 0) /* opening magic? */
return 0;
p += 3;
q = p + strlen (p);
- if (memcmp (q + 1, "\b]", 2)) /* closing magic? */
+ if (q >= input_end - 3
+ || memcmp (q + 1, "\b]", 2)) /* closing magic? */
return 0; /* Not a proper tag. */
/* Output is different for index nodes */
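Review bot: Both new tests use input_end - 3, and for the closing-magic test that bound looks stricter than the read requires. memcmp (q + 1, "\b]", 2) touches q + 1 and q + 2, which are still below input_end when q == input_end - 3, yet that case now returns 0, so a well-formed tag that ends exactly at the end of the area would no longer be expanded. Separately, input_end - 3 forms a pointer before the start of the buffer when the area is shorter than 3 bytes, which C leaves undefined; comparing lengths instead, such as input_end - p < 3 and input_end - q < 3, avoids that and makes the intended byte count explicit. A short comment on why 3 is the right constant for the second test would also help, since the read there is 2 bytes at offset 1.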
Modified: trunk/info/tag.h
===================================================================
--- trunk/info/tag.h 2017-01-30 19:03:49 UTC (rev 7655)
+++ trunk/info/tag.h 2017-01-30 19:26:05 UTC (rev 7656)
@@ -21,6 +21,7 @@
#include "info-utils.h"
-int tag_expand (char **input, struct text_buffer *outbuf, int *is_index);
+int tag_expand (char **input, char *input_end,
+ struct text_buffer *outbuf, int *is_index);
#endif
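Review bot: In the prototype, input_end is declared as plain char *, although in the lines shown in tag.c it is only compared against and never written through. Declaring it const char *input_end here and in the definition would document that tag_expand does not modify anything through that pointer and would let callers pass a const end pointer.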