From 750cd6e5b2bb4ab74de7d2f9e0afb6dd0c005cf1 Mon Sep 17 00:00:00 2001 From: Takashi Yano Date: Mon, 2 Mar 2020 10:12:56 +0900 Subject: [PATCH] Cygwin: console: Prevent buffer overrun. - This patch prevent potential buffer overrun in the code handling escape sequences. --- winsup/cygwin/fhandler_console.cc | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/winsup/cygwin/fhandler_console.cc b/winsup/cygwin/fhandler_console.cc index 9c5b80181..8b4687724 100644 --- a/winsup/cygwin/fhandler_console.cc +++ b/winsup/cygwin/fhandler_console.cc @@ -3094,7 +3094,8 @@ fhandler_console::write (const void *vsrc, size_t len) case gotarg1: if (isdigit (*src)) { - con.args[con.nargs] = con.args[con.nargs] * 10 + *src - '0'; + if (con.nargs < MAXARGS) + con.args[con.nargs] = con.args[con.nargs] * 10 + *src - '0'; wpbuf_put (*src); src++; } @@ -3102,9 +3103,8 @@ fhandler_console::write (const void *vsrc, size_t len) { wpbuf_put (*src); src++; - con.nargs++; - if (con.nargs > MAXARGS) - con.nargs--; + if (con.nargs < MAXARGS) + con.nargs++; } else if (*src == ' ') { @@ -3117,9 +3117,8 @@ fhandler_console::write (const void *vsrc, size_t len) con.state = gotcommand; break; case gotcommand: - con.nargs ++; - if (con.nargs > MAXARGS) - con.nargs--; + if (con.nargs < MAXARGS) + con.nargs++; char_command (*src++); con.state = normal; wpixput = 0; @@ -3183,9 +3182,8 @@ fhandler_console::write (const void *vsrc, size_t len) { con.state = gotarg1; wpbuf_put (*src); - con.nargs++; - if (con.nargs > MAXARGS) - con.nargs--; + if (con.nargs < MAXARGS) + con.nargs++; src++; } else if (isalpha (*src))