[PATCH 5/6] Fix a read past end of buffer

Ondřej Lysoněk olysonek at redhat.com
Mon Jul 30 16:11:11 BST 2018


Signed-off-by: Ondřej Lysoněk <olysonek at redhat.com>
---
 src/ascii-xfr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ascii-xfr.c b/src/ascii-xfr.c
index e243b7b..3a76abf 100644
--- a/src/ascii-xfr.c
+++ b/src/ascii-xfr.c
@@ -217,7 +217,7 @@ static int arecv(char *file)
   }
 
   while ((n = read(STDIN_FILENO, line, sizeof(line))) > 0) {
-    for (s = line; n-- >0; s++) {
+    for (s = line; s - line < n; s++) {
       if (*s == eofchar)
         break;
       if (dotrans && *s == '\r')
@@ -227,7 +227,7 @@ static int arecv(char *file)
     }
     stats(first);
     first = 0;
-    if (*s == eofchar)
+    if (s - line < n && *s == eofchar)
       break;
   }
   fclose(fp);
-- 
2.14.4




More information about the minicom-devel mailing list