[PATCH 1/2] commands: edit: Fix potential out-of-bound access
Jules Maselbas
jmaselbas at zdiv.net
Mon Mar 31 10:40:49 PDT 2025
The local lbuf can potentially be left not nul-terminated,
and the tab expension can potentially write out-of-bound.
Signed-off-by: Jules Maselbas <jmaselbas at zdiv.net>
---
commands/edit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/commands/edit.c b/commands/edit.c
index fcf8ad90f5..3bbe60fdbf 100644
--- a/commands/edit.c
+++ b/commands/edit.c
@@ -53,14 +53,14 @@ static char *screenline(char *line, int *pos)
return lbuf;
}
- for (i = 0; outpos < 1024; i++) {
+ for (i = 0; outpos < sizeof(lbuf) - 1; i++) {
if (i == textx && pos)
*pos = outpos;
if (!line[i])
break;
if (line[i] == '\t') {
lbuf[outpos++] = ' ';
- while (outpos % TABSPACE)
+ while (outpos < sizeof(lbuf) - 1 && outpos % TABSPACE)
lbuf[outpos++] = ' ';
continue;
}
--
2.48.1
More information about the barebox
mailing list