author | Andrew J. Schorr <aschorr@telemetry-investments.com> | 2020-01-14 09:26:31 -0500 |
---|---|---|
committer | Andrew J. Schorr <aschorr@telemetry-investments.com> | 2020-01-14 09:26:31 -0500 |
commit | 49125fbf794508efdb71a4f6f18a4bc324bd76ab (patch) | |
tree | 3fa3dbc0336f1cb48371a0de3fff10f2ab05889f | |
parent | a2a6e548bc3afcbf4c7401ebdfa8213dbe4e8dea (diff) | |
Fix cint off-by-one array bounds overflow check for NHAT set in the environment.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | cint_array.c | 2 |
2 files changed, 7 insertions, 1 deletions
@@ -1,3 +1,9 @@ +2020-01-14 Andrew J. Schorr <aschorr@telemetry-investments.com> + + * cint_array.c (cint_array_init): Fix off-by-one error in array + bounds overflow check for an NHAT value set in the environment. + Thanks to Michael Builov <mbuilov@gmail.com> for the report. + 2020-01-08 Arnold D. Robbins <arnold@skeeve.com> Fix a number of subtle memory leaks. Thanks to the diff --git a/cint_array.c b/cint_array.c index 417f27d5..d7171ac8 100644 --- a/cint_array.c +++ b/cint_array.c @@ -175,7 +175,7 @@ cint_array_init(NODE *symbol ATTRIBUTE_UNUSED, NODE *subs ATTRIBUTE_UNUSED) if ((newval = getenv_long("NHAT")) > 1 && newval < INT32_BIT) NHAT = newval; /* don't allow overflow off the end of the table */ - if (NHAT >= nelems) + if (NHAT > nelems - 2) NHAT = nelems - 2; THRESHOLD = power_two_table[NHAT + 1]; } else |
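Review bot: In the cint_array.c hunk, the new condition `NHAT > nelems - 2` is correct but no longer reads as the bound of the access it protects, `THRESHOLD = power_two_table[NHAT + 1]`. The old test `NHAT >= nelems` let NHAT equal nelems - 1, so the index NHAT + 1 reached nelems, one past the last element; the fix caps NHAT + 1 at nelems - 1. Consider writing the test in terms of the index actually used, `if (NHAT + 1 >= nelems)`, or extending the comment `/* don't allow overflow off the end of the table */` to say that the table is indexed with NHAT + 1, so the reason for the `- 2` is clear to the next reader. The declaration of nelems is not visible in this hunk: if it is an unsigned type, confirm the comparison against NHAT behaves as intended after the usual arithmetic conversions, and that the table always has at least two entries so `nelems - 2` cannot wrap. Since NHAT comes from the environment here, a regression test that sets NHAT to the largest value accepted by the `newval < INT32_BIT` check would pin this boundary.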