From a0d7fe4589651c64bd16ddaaa634030bb0455866 Mon Sep 17 00:00:00 2001 From: Hanno Boeck Date: Wed, 10 Aug 2016 00:06:41 +0200 Subject: Fix out-of-bounds access to lines in a patch This bug can trigger with malformed patches. * src/pch.c (pch_write_line): Avoid out-of-bounds access to p_line[line][p_len[line] - 1] when p_len[line] is 0. --- src/pch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pch.c b/src/pch.c index 94a0ac1..3ba5394 100644 --- a/src/pch.c +++ b/src/pch.c @@ -2276,7 +2276,7 @@ pfetch (lin line) bool pch_write_line (lin line, FILE *file) { - bool after_newline = p_line[line][p_len[line] - 1] == '\n'; + bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n'); if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file)) write_fatal (); return after_newline; -- cgit v1.2.1