Bugfix: check bounds before accessing memory
This fixes the following issue when having an error early in the config file: ==1562==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6220000180ff at pc 0x55c837edb1d3 bp 0x7ffee7534650 sp 0x7ffee7534648 READ of size 1 at 0x6220000180ff thread T0 #0 0x55c837edb1d2 in start_of_line ../../i3/src/config_parser.c:238 #1 0x55c837edc96f in parse_config ../../i3/src/config_parser.c:493 #2 0x55c837edf527 in parse_file ../../i3/src/config_parser.c:1091 #3 0x55c837ecf14b in parse_configuration ../../i3/src/config.c:65 #4 0x55c837ed1ef4 in load_configuration ../../i3/src/config.c:230 #5 0x55c837f0a8d0 in main ../../i3/src/main.c:539 #6 0x7fb63ae042b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #7 0x55c837e95eb9 in _start (/home/michael/i3/build/i3+0x4beb9) 0x6220000180ff is located 1 bytes to the left of 5165-byte region [0x622000018100,0x62200001952d) allocated by thread T0 here: #0 0x7fb63e590cf8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1cf8) #1 0x55c837f59aa6 in smalloc ../../i3/libi3/safewrappers.c:24 #2 0x55c837edef45 in parse_file ../../i3/src/config_parser.c:1029 #3 0x55c837ecf14b in parse_configuration ../../i3/src/config.c:65 #4 0x55c837ed1ef4 in load_configuration ../../i3/src/config.c:230 #5 0x55c837f0a8d0 in main ../../i3/src/main.c:539 #6 0x7fb63ae042b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
This commit is contained in:
parent
ad8bb41686
commit
c25bee0ffc
|
@ -235,7 +235,7 @@ static void next_state(const cmdp_token *token) {
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
static const char *start_of_line(const char *walk, const char *beginning) {
|
static const char *start_of_line(const char *walk, const char *beginning) {
|
||||||
while (*walk != '\n' && *walk != '\r' && walk >= beginning) {
|
while (walk >= beginning && *walk != '\n' && *walk != '\r') {
|
||||||
walk--;
|
walk--;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue