]> Kevux Git Server - fll/commitdiff
projects / fll / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aa6079d)
Security: Invalid read for formatted printing using partial ranges on a string.
authorKevin Day <thekevinday@gmail.com>
Mon, 11 Jul 2022 02:45:33 +0000 (21:45 -0500)
committerKevin Day <thekevinday@gmail.com>
Mon, 11 Jul 2022 02:45:33 +0000 (21:45 -0500)
If the start position is greater than the used buffer, then an invalid read occurs.
Properly verify that the start position is not greater than or equal to the used length of the string.

level_1/fl_print/c/private-print.c patch | blob | history

diff --git a/level_1/fl_print/c/private-print.c b/level_1/fl_print/c/private-print.c
index 7b82dccd25c344a8dc73a13fa4b7fb691e3229eb..59247fc9fe6251c24704dbfb8933b603a29c959f 100644 (file)
--- a/level_1/fl_print/c/private-print.c
+++ b/level_1/fl_print/c/private-print.c
@@ -327,7 +327,7 @@ extern "C" {
                     except_in = va_arg(apl, f_string_ranges_t);
                   }
 
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -350,7 +350,7 @@ extern "C" {
                   const f_array_lengths_t except_at = f_array_lengths_t_initialize;
                   const f_string_ranges_t except_in = va_arg(apl, f_string_ranges_t);
 
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -370,7 +370,7 @@ extern "C" {
                   }
                 }
                 else {
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -441,7 +441,7 @@ extern "C" {
                     except_in = va_arg(apl, f_string_ranges_t);
                   }
 
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -464,7 +464,7 @@ extern "C" {
                   const f_array_lengths_t except_at = f_array_lengths_t_initialize;
                   const f_string_ranges_t except_in = va_arg(apl, f_string_ranges_t);
 
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -484,7 +484,7 @@ extern "C" {
                   }
                 }
                 else {
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -719,7 +719,7 @@ extern "C" {
                     except_in = va_arg(apl, f_string_ranges_t);
                   }
 
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -742,7 +742,7 @@ extern "C" {
                   const f_array_lengths_t except_at = f_array_lengths_t_initialize;
                   const f_string_ranges_t except_in = va_arg(apl, f_string_ranges_t);
 
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -762,7 +762,7 @@ extern "C" {
                   }
                 }
                 else {
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -840,7 +840,7 @@ extern "C" {
                     except_in = va_arg(apl, f_string_ranges_t);
                   }
 
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -863,7 +863,7 @@ extern "C" {
                   const f_array_lengths_t except_at = f_array_lengths_t_initialize;
                   const f_string_ranges_t except_in = va_arg(apl, f_string_ranges_t);
 
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
@@ -883,7 +883,7 @@ extern "C" {
                   }
                 }
                 else {
-                  if (partial.start > partial.stop) {
+                  if (partial.start > partial.stop || partial.start >= value.used) {
                     *status = F_data_not;
 
                     break;
The Featureless Linux Library (FLL) Git repository.