od: Don't advance past end of type string

Currently, if you specify -t x, then s is advanced once in the switch statement
to determine the length, and then once again in the for loop, resulting in a
read past the end of the argument.

Also, use sizeof(int) when no length is specified, as specified by POSIX.
Michael Forney 2016-07-08 10:24:08 -07:00 committed by sin
parent 5ae2793da6
commit 49e1854600
1 changed files with 9 additions and 11 deletions

20
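--- a/od.c
+++ b/od.c
@@ -196,7 +196,7 @@ main(int argc, char *argv[])
 {
 FILE *fp;
 struct type *t;
-int ret = 0;
+int ret = 0, len;
 char *s;
 big_endian = (*(uint16_t *)"\0\xff" == 0xff);
@@ -244,30 +244,28 @@ main(int argc, char *argv[])
 case 'o':
 case 'u':
 case 'x':
-t = emalloc(sizeof(*t));
-t->format = *s;
 /* todo: allow multiple digits */
 if (*(s+1) > '0' && *(s+1) <= '9') {
-t->len = *(++s) - '0';
+len = *(s+1) - '0';
 } else {
-switch (*(++s)) {
+switch (*(s+1)) {
 case 'C':
-t->len = sizeof(char);
+len = sizeof(char);
 break;
 case 'S':
-t->len = sizeof(short);
+len = sizeof(short);
 break;
 case 'I':
-t->len = sizeof(int);
+len = sizeof(int);
 break;
 case 'L':
-t->len = sizeof(long);
+len = sizeof(long);
 break;
 default:
-t->len = 4;
+len = sizeof(int);
 }
 }
-TAILQ_INSERT_TAIL(&head, t, entry);
+addtype(*s++, len);
 break;
 default:
 usage();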
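Review bot: `addtype(*s++, len);` at the end of the second hunk advances `s` even when the `default:` branch picked `sizeof(int)` because no size character followed, so for a bare `x` at the end of the argument `s` lands on the terminating NUL and the loop increment described in the commit message would then step past it, which is the over-read this commit sets out to remove. The same path would also appear to skip the next type character in a string such as `xa`. Consider `addtype(*s, len);` with `s++;` done only in the digit branch and in the `C`/`S`/`I`/`L` cases, where a second character was actually consumed. The enclosing `for` loop lies outside the hunk, so this should be confirmed against its increment expression.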