Security: Invalid read when using -s/--settings in fake program.

The Featureless Make -s/--settings parameter handling code has a typoe where the wrong enumeration is used.
This results in an invalid read.

diff --git a/level_3/fake/c/private-fake.c b/level_3/fake/c/private-fake.c
index 171d7c9f4bde0116bc067627ed75077c643e8e58..30617adcea84aaf60da67f523f56cec3f047aff0 100644 (file)
--- a/level_3/fake/c/private-fake.c
+++ b/level_3/fake/c/private-fake.c
@@ -603,7 +603,7 @@ extern "C" {
 
       // If a custom --data or a custom --settings parameter is passed and uses an absolute or relative to current path, then do not check.
       if (data->main->parameters.array[fake_parameter_settings_e].result == f_console_result_additional_e) {
-        const f_array_length_t index = data->main->parameters.array[fake_parameter_fakefile_e].values.array[data->main->parameters.array[fake_parameter_fakefile_e].values.used - 1];
+        const f_array_length_t index = data->main->parameters.array[fake_parameter_settings_e].values.array[data->main->parameters.array[fake_parameter_settings_e].values.used - 1];
 
         if (f_path_is_absolute(data->main->parameters.arguments.array[index]) == F_true || f_path_is_relative_current(data->main->parameters.arguments.array[index]) == F_true) {
           parameters_required[1] = F_none;