From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 88EC715815E for ; Thu, 1 Feb 2024 08:21:42 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BF087E2AB7; Thu, 1 Feb 2024 08:21:41 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 9A15AE2A31 for ; Thu, 1 Feb 2024 08:21:41 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B36A73431FE for ; Thu, 1 Feb 2024 08:21:40 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 063C613AA for ; Thu, 1 Feb 2024 08:21:39 +0000 (UTC) From: "Fabian Groffen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Fabian Groffen" Message-ID: <1706775541.b4ace2f3443e6746a54eb14c7f50aa719540181c.grobian@gentoo> Subject: [gentoo-commits] proj/portage-utils:master commit in: libq/ X-VCS-Repository: proj/portage-utils X-VCS-Files: libq/contents.c X-VCS-Directories: libq/ X-VCS-Committer: grobian X-VCS-Committer-Name: Fabian Groffen X-VCS-Revision: b4ace2f3443e6746a54eb14c7f50aa719540181c X-VCS-Branch: master Date: Thu, 1 Feb 2024 08:21:39 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 36e07915-50d0-473f-bbfe-d2c229af46d5 X-Archives-Hash: 617faff1115fbe50b1c9c26b295d7259 commit: b4ace2f3443e6746a54eb14c7f50aa719540181c Author: Fabian Groffen gentoo org> AuthorDate: Thu Feb 1 08:19:01 2024 +0000 Commit: Fabian Groffen gentoo org> CommitDate: Thu Feb 1 08:19:01 2024 +0000 URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=b4ace2f3 libq/contents: fix invalid access problem pointed out by valgrind len represents the entire string length, but we start scanning after the line identifier, so substract that size from len, such that we don't start scanning after the end of the input string. Signed-off-by: Fabian Groffen gentoo.org> libq/contents.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libq/contents.c b/libq/contents.c index feb1c0b..6ec4491 100644 --- a/libq/contents.c +++ b/libq/contents.c @@ -34,6 +34,9 @@ contents_parse_line_len(char *line, size_t len) len--; } + if (len <= 4) /* minimal: "dir /" */ + return NULL; + memset(&e, 0x00, sizeof(e)); e._data = line; @@ -47,6 +50,7 @@ contents_parse_line_len(char *line, size_t len) return NULL; e.name = e._data + 4; + len -= 4; switch (e.type) { /* dir /bin */