Security: Invalid read in private_f_print().

The variable "i" is incremented inside the loop without checking that i < length.
This potentially results in an invalid read (such as when the string is not NULL terminated after the designated length).

diff --git a/level_0/f_print/c/private-print.c b/level_0/f_print/c/private-print.c
index efe7599cefaec54c90054d448d702cd7318db656..f17101502915f246f5df7e7358b1d785bc338a0e 100644 (file)
--- a/level_0/f_print/c/private-print.c
+++ b/level_0/f_print/c/private-print.c
@@ -27,7 +27,7 @@ extern "C" {
         total = 0;
       }
 
-      if (!string[i]) {
+      if (i < length && !string[i]) {
         do {
           ++i;
         } while (i < length && !string[i]);