From d883d64d96ab9bef510745d064a351145b9babec Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Sun, 9 Aug 2015 18:16:34 +0100
Subject: colcrt: avoid writing beyond array bound [afl & asan]

text-utils/colcrt.c:205:10: runtime error: index -1 out of bounds for type 'wchar_t [133]'
SUMMARY: AddressSanitizer: undefined-behavior text-utils/colcrt.c:205
=================================================================
==2357==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013811b0 at pc 0x0000004e2514 bp 0x7ffdf6ba4450 sp 0x7ffdf6ba4448
READ of size 4 at 0x0000013811b0 thread T0
    #0 0x4e2513 in colcrt /home/src/util-linux/text-utils/colcrt.c:213:8
    #1 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:139:3
    #2 0x7fb77236960f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #3 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8)

Reported-by: Alaa Mubaied <alaamubaied@gmail.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
 text-utils/colcrt.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'text-utils/colcrt.c')

diff --git a/text-utils/colcrt.c b/text-utils/colcrt.c
index cf630c404..3cf25cbbe 100644
--- a/text-utils/colcrt.c
+++ b/text-utils/colcrt.c
@@ -201,6 +201,8 @@ void colcrt(FILE *f) {
 			/* fallthrough */
 		default:
 			w = wcwidth(c);
+			if (w < 0)
+				continue;
 			if (outcol + w > PAGE_ARRAY_COLS) {
 				outcol++;
 				continue;
-- 
cgit v1.2.3-55-g7522