sed: prevent overflow of length from bb_get_chunk_from_file This fragment did not work right: temp = bb_get_chunk_from_file(fp, &len); if (temp) { /* len > 0 here, it's ok to do temp[len-1] */ char c = temp[len-1]; With "int len" _sign-extending_, temp[len-1] can refer to a wrong location if len > 0x7fffffff. Signed-off-by: Quentin Rameau <quinq@fifth.space> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

commit: e2afae6303e871a31a061d03359cfcd5dd86c088 [log] [tgz]
author: Quentin Rameau <quinq@fifth.space> Sun Apr 01 19:49:58 2018 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> Sun Apr 01 19:51:14 2018 +0200
tree: 40482184a4ff53ea4fd3439f96e0e7e967a075cc
parent: 2da9724b56169f00bd7fb6b9a11c9409a7620981 [diff] [blame]
diff --git a/include/libbb.h b/include/libbb.h
index fa87843..309c587 100644
--- a/include/libbb.h
+++ b/include/libbb.h

@@ -911,7 +911,7 @@
  * end of line. If end isn't NULL, length of the chunk is stored in it.
  * Returns NULL if EOF/error.
  */
-extern char *bb_get_chunk_from_file(FILE *file, int *end) FAST_FUNC;
+extern char *bb_get_chunk_from_file(FILE *file, size_t *end) FAST_FUNC;
 /* Reads up to (and including) TERMINATING_STRING: */
 extern char *xmalloc_fgets_str(FILE *file, const char *terminating_string) FAST_FUNC RETURNS_MALLOC;
 /* Same, with limited max size, and returns the length (excluding NUL): */
commit	e2afae6303e871a31a061d03359cfcd5dd86c088	[log] [tgz]
author	Quentin Rameau <quinq@fifth.space>	Sun Apr 01 19:49:58 2018 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	Sun Apr 01 19:51:14 2018 +0200
tree	40482184a4ff53ea4fd3439f96e0e7e967a075cc
parent	2da9724b56169f00bd7fb6b9a11c9409a7620981 [diff] [blame]