Module Name: src
Committed By: rillig
Date: Sun Jun 4 20:23:13 UTC 2023
Modified Files:
src/usr.bin/indent: pr_comment.c
Log Message:
indent: fix out-of-bounds read when reading a comment
To generate a diff of this commit:
cvs rdiff -u -r1.149 -r1.150 src/usr.bin/indent/pr_comment.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/indent/pr_comment.c
diff -u src/usr.bin/indent/pr_comment.c:1.149 src/usr.bin/indent/pr_comment.c:1.150
--- src/usr.bin/indent/pr_comment.c:1.149 Sun May 21 10:18:44 2023
+++ src/usr.bin/indent/pr_comment.c Sun Jun 4 20:23:12 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: pr_comment.c,v 1.149 2023/05/21 10:18:44 rillig Exp $ */
+/* $NetBSD: pr_comment.c,v 1.150 2023/06/04 20:23:12 rillig Exp $ */
/*-
* SPDX-License-Identifier: BSD-4-Clause
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: pr_comment.c,v 1.149 2023/05/21 10:18:44 rillig Exp $");
+__RCSID("$NetBSD: pr_comment.c,v 1.150 2023/06/04 20:23:12 rillig Exp $");
#include <string.h>
@@ -293,9 +293,11 @@ copy_comment_wrap(int line_length, bool
static void
copy_comment_nowrap(void)
{
+ char kind = token.mem[token.len - 1];
+
for (;;) {
if (inp.st[0] == '\n') {
- if (token.mem[token.len - 1] == '/')
+ if (kind == '/')
return;
if (had_eof) {
@@ -314,8 +316,10 @@ copy_comment_nowrap(void)
}
com_add_char(*inp.st++);
- if (com.mem[com.len - 2] == '*' && com.mem[com.len - 1] == '/'
- && token.mem[token.len - 1] == '*')
+ if (com.len >= 2
+ && com.mem[com.len - 2] == '*'
+ && com.mem[com.len - 1] == '/'
+ && kind == '*')
return;
}
}
