From 2b56681a4f7741eb82a66f10399295346582b84a Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Sun, 29 Jan 2023 16:43:14 -0600
Subject: [PATCH] Security: Add extra check range checks in Featureless Make build skeleton. The used - 1 could be a problem if used is 0.
---
 level_3/fake/c/private-build-skeleton.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/level_3/fake/c/private-build-skeleton.c b/level_3/fake/c/private-build-skeleton.c
index e3b60ca..8e15020 100644
--- a/level_3/fake/c/private-build-skeleton.c
+++ b/level_3/fake/c/private-build-skeleton.c
@@ -56,6 +56,7 @@ extern "C" {
 }
 bool created = F_false;
+ f_array_length_t j = 0;
 for (uint8_t i = 0; i < 19; ++i) {
@@ -63,9 +64,9 @@ extern "C" {
 created = F_false;
- for (f_array_length_t j = 0; j < directorys[i]->used; ++j) {
+ for (j = 0; j < directorys[i]->used; ++j) {
- if (directorys[i]->string[j] != f_path_separator_s.string[0]) continue;
+ if (f_path_separator_s.used && directorys[i]->string[j] != f_path_separator_s.string[0]) continue;
 directorys[i]->string[j] = 0;
@@ -88,7 +89,7 @@ extern "C" {
 if (F_status_is_error(*status)) break;
 } // for
- if (F_status_is_fine(*status) && directorys[i]->string[directorys[i]->used - 1] != f_path_separator_s.string[0]) {
+ if (F_status_is_fine(*status) && directorys[i]->used && f_path_separator_s.used && directorys[i]->string[directorys[i]->used - 1] != f_path_separator_s.string[0]) {
 *status = f_directory_exists(*directorys[i]);
 if (F_status_is_error_not(*status)) {
--
1.8.3.1
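Review bot: The new guard in the inner loop short-circuits the wrong way. When `f_path_separator_s.used` is 0 the whole condition is false, so `continue` is skipped and every byte falls through to `directorys[i]->string[j] = 0;` as if it were a separator. An empty separator should skip the byte instead: `if (!f_path_separator_s.used || directorys[i]->string[j] != f_path_separator_s.string[0]) continue;`. The last hunk has the same pattern, where an empty separator now bypasses the `f_directory_exists()` branch; writing it as `(!f_path_separator_s.used || directorys[i]->string[directorys[i]->used - 1] != f_path_separator_s.string[0])` keeps the read guarded and presumably preserves handling of the final path. Both the loop body and the `if` body continue outside the hunks, and the separator may be a constant that is never empty, so check this against the full function.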