od: Fix buffer overflow if -N flag is larger than BUFSIZ

Previously, if max was specified, od will call read with that size,
potentially overflowing buf with data read from the file.
master
Michael Forney 2016-12-06 02:16:54 -08:00 committed by Laslo Hunhold
parent 9e594a986e
commit 5e4e6aeb3e
1 changed files with 10 additions and 8 deletions

18
od.c
View File

@ -129,23 +129,25 @@ od(FILE *fp, char *fname, int last)
{
static unsigned char *line;
static size_t lineoff;
size_t i;
unsigned char buf[BUFSIZ];
static off_t addr;
size_t buflen;
unsigned char buf[BUFSIZ];
size_t i, n, size = sizeof(buf);
while (skip - addr > 0) {
buflen = fread(buf, 1, MIN(skip - addr, BUFSIZ), fp);
addr += buflen;
n = fread(buf, 1, MIN(skip - addr, sizeof(buf)), fp);
addr += n;
if (feof(fp) || ferror(fp))
return;
}
if (!line)
line = emalloc(linelen);
while ((buflen = fread(buf, 1, max >= 0 ?
max - (addr - skip) : BUFSIZ, fp))) {
for (i = 0; i < buflen; i++, addr++) {
for (;;) {
if (max >= 0)
size = MIN(max - (addr - skip), size);
if (!(n = fread(buf, 1, size, fp)))
break;
for (i = 0; i < n; i++, addr++) {
line[lineoff++] = buf[i];
if (lineoff == linelen) {
printline(line, lineoff, addr - lineoff + 1);