bug-ncurses
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: out of bounds array access


From: Thomas Dickey
Subject: Re: out of bounds array access
Date: Sat, 25 Oct 2003 19:44:08 -0400 (EDT)

On Sat, 25 Oct 2003, Todd C. Miller wrote:

> _nc_infotocap() can access memory outside the bounds of str.
> Found by David Krause using some of the new malloc debugging features
> under OpenBSD; a fix by Ted Unangst follows.  I don't think this
> has security implications but should still be fixed.

thanks
>
>  - todd
>
> --- ncurses/tinfo/captoinfo.c.DIST    Sat Sep 28 10:38:59 2002
> +++ ncurses/tinfo/captoinfo.c Sat Oct 25 17:03:07 2003
> @@ -649,11 +649,11 @@
>
>      /* we may have to move some trailing mandatory padding up front */
>      padding = str + strlen(str) - 1;
> -    if (*padding == '>' && *--padding == '/') {
> +    if (padding > str && *padding == '>' && *--padding == '/') {
>       --padding;
>       while (isdigit(UChar(*padding)) || *padding == '.' || *padding == '*')
>           padding--;
> -     if (*padding == '<' && *--padding == '$')
> +     if (padding > str && *padding == '<' && *--padding == '$')
>           trimmed = padding;
>       padding += 2;
>
>
>
> _______________________________________________
> Bug-ncurses mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/bug-ncurses
>

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




reply via email to

[Prev in Thread] Current Thread [Next in Thread]