diff options
| author | Sami Kerola | 2015-08-09 19:16:34 +0200 |
|---|---|---|
| committer | Sami Kerola | 2015-08-10 22:48:38 +0200 |
| commit | d883d64d96ab9bef510745d064a351145b9babec (patch) | |
| tree | 2aff8ccbba4b8411029fb26fc3f2b99a9c7566c9 /text-utils/colcrt.c | |
| parent | colcrt: use #define in place of magic constants (diff) | |
| download | kernel-qcow2-util-linux-d883d64d96ab9bef510745d064a351145b9babec.tar.gz kernel-qcow2-util-linux-d883d64d96ab9bef510745d064a351145b9babec.tar.xz kernel-qcow2-util-linux-d883d64d96ab9bef510745d064a351145b9babec.zip | |
colcrt: avoid writing beyond array bound [afl & asan]
text-utils/colcrt.c:205:10: runtime error: index -1 out of bounds for type 'wchar_t [133]'
SUMMARY: AddressSanitizer: undefined-behavior text-utils/colcrt.c:205
=================================================================
==2357==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013811b0 at pc 0x0000004e2514 bp 0x7ffdf6ba4450 sp 0x7ffdf6ba4448
READ of size 4 at 0x0000013811b0 thread T0
#0 0x4e2513 in colcrt /home/src/util-linux/text-utils/colcrt.c:213:8
#1 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:139:3
#2 0x7fb77236960f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
#3 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8)
Reported-by: Alaa Mubaied <alaamubaied@gmail.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Diffstat (limited to 'text-utils/colcrt.c')
| -rw-r--r-- | text-utils/colcrt.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/text-utils/colcrt.c b/text-utils/colcrt.c index cf630c404..3cf25cbbe 100644 --- a/text-utils/colcrt.c +++ b/text-utils/colcrt.c @@ -201,6 +201,8 @@ void colcrt(FILE *f) { /* fallthrough */ default: w = wcwidth(c); + if (w < 0) + continue; if (outcol + w > PAGE_ARRAY_COLS) { outcol++; continue; |