From: Kevin Day Date: Mon, 11 Jul 2022 02:45:33 +0000 (-0500) Subject: Security: Invalid read for formatted printing using partial ranges on a string. X-Git-Tag: 0.6.0~62 X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=f5097579718dde4eb0dda61abc8e963ffa646238;p=fll Security: Invalid read for formatted printing using partial ranges on a string. If the start position is greater than the used buffer, then an invalid read occurs. Properly verify that the start position is not greater than or equal to the used length of the string. --- diff --git a/level_1/fl_print/c/private-print.c b/level_1/fl_print/c/private-print.c index 7b82dcc..59247fc 100644 --- a/level_1/fl_print/c/private-print.c +++ b/level_1/fl_print/c/private-print.c @@ -327,7 +327,7 @@ extern "C" { except_in = va_arg(apl, f_string_ranges_t); } - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -350,7 +350,7 @@ extern "C" { const f_array_lengths_t except_at = f_array_lengths_t_initialize; const f_string_ranges_t except_in = va_arg(apl, f_string_ranges_t); - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -370,7 +370,7 @@ extern "C" { } } else { - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -441,7 +441,7 @@ extern "C" { except_in = va_arg(apl, f_string_ranges_t); } - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -464,7 +464,7 @@ extern "C" { const f_array_lengths_t except_at = f_array_lengths_t_initialize; const f_string_ranges_t except_in = va_arg(apl, f_string_ranges_t); - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -484,7 +484,7 @@ extern "C" { } } else { - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -719,7 +719,7 @@ extern "C" { except_in = va_arg(apl, f_string_ranges_t); } - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -742,7 +742,7 @@ extern "C" { const f_array_lengths_t except_at = f_array_lengths_t_initialize; const f_string_ranges_t except_in = va_arg(apl, f_string_ranges_t); - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -762,7 +762,7 @@ extern "C" { } } else { - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -840,7 +840,7 @@ extern "C" { except_in = va_arg(apl, f_string_ranges_t); } - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -863,7 +863,7 @@ extern "C" { const f_array_lengths_t except_at = f_array_lengths_t_initialize; const f_string_ranges_t except_in = va_arg(apl, f_string_ranges_t); - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break; @@ -883,7 +883,7 @@ extern "C" { } } else { - if (partial.start > partial.stop) { + if (partial.start > partial.stop || partial.start >= value.used) { *status = F_data_not; break;