[devel] [PATCH for apt v2 05/21] Fix memory access outside of allocated buffer ranges
Aleksei Nikiforov
darktemplar на altlinux.org
Чт Дек 12 12:57:14 MSK 2019
Found via cppcheck:
[apt/apt-pkg/contrib/configuration.cc:674] -> [apt/apt-pkg/contrib/configuration.cc:675]:
(warning) Either the condition 'StackPos<=100' is redundant or the array 'Stack[100]'
is accessed at index 100, which is out of bounds.
---
apt/apt-pkg/contrib/configuration.cc | 2 +-
apt/cmdline/apt-shell.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/apt/apt-pkg/contrib/configuration.cc b/apt/apt-pkg/contrib/configuration.cc
index 214babc..8c0e5fb 100644
--- a/apt/apt-pkg/contrib/configuration.cc
+++ b/apt/apt-pkg/contrib/configuration.cc
@@ -671,7 +671,7 @@ bool ReadConfigFile(Configuration &Conf, const string &FName,bool AsSectional,
// Go down a level
if (TermChar == '{')
{
- if (StackPos <= 100)
+ if (StackPos < sizeof(Stack)/sizeof(*Stack))
Stack[StackPos++] = ParentTag;
/* Make sectional tags incorperate the section into the
diff --git a/apt/cmdline/apt-shell.cc b/apt/cmdline/apt-shell.cc
index d192783..7b033da 100644
--- a/apt/cmdline/apt-shell.cc
+++ b/apt/cmdline/apt-shell.cc
@@ -4088,7 +4088,7 @@ int main(int argc,const char *argv[])
// *q = buffer checker, copying valid stuff to *p
while (*q != 0)
{
- if (largc > sizeof(largv)/sizeof(*largv))
+ if (largc >= sizeof(largv)/sizeof(*largv))
{
_error->Error(_("Exceeded maximum number of command arguments"));
break;
--
2.24.1
Подробная информация о списке рассылки Devel