From 1ed968c52651d457300cea92b59fe43c67e6e55a Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Fri, 15 Sep 2017 13:43:54 +0200
Subject: libsmartcols: fix heap-buffer-overflow when move columns

Reported-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 libsmartcols/src/line.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'libsmartcols')

diff --git a/libsmartcols/src/line.c b/libsmartcols/src/line.c
index aa339ce38..c2a991c2d 100644
--- a/libsmartcols/src/line.c
+++ b/libsmartcols/src/line.c
@@ -160,13 +160,15 @@ int scols_line_move_cells(struct libscols_line *ln, size_t newn, size_t oldn)
 	/* remember data from old position */
 	memcpy(&ce, &ln->cells[oldn], sizeof(struct libscols_cell));
 
-	/* remove from old position */
-	memmove(ln->cells + oldn, ln->cells + oldn + 1,
+	/* remove old possition (move data behind oldn to oldn) */
+	if (oldn + 1 < ln->ncells)
+		memmove(ln->cells + oldn, ln->cells + oldn + 1,
 			(ln->ncells - oldn) * sizeof(struct libscols_cell));
 
 	/* create a space for new position */
-	memmove(ln->cells + newn + 1, ln->cells + newn,
-		(ln->ncells - newn) * sizeof(struct libscols_cell));
+	if (newn + 1 < ln->ncells)
+		memmove(ln->cells + newn + 1, ln->cells + newn,
+			(ln->ncells - newn) * sizeof(struct libscols_cell));
 
 	/* copy original data to new position */
 	memcpy(&ln->cells[newn], &ce, sizeof(struct libscols_cell));
-- 
cgit v1.2.3-55-g7522