Possible buffer overrun in CLI parsing #73

Open
apconole opened this issue Aug 23, 2021 · 1 comment

@apconole
Contributor

parse_cli.l:497:

<getup2tc>[0-7]			{ up2tc_a[up2tc_idx] = atoi(yytext);
				up2tc_idx++;

up2tc_idx is possibly outside bounds. Needs closer inspection.

@penguin359
Contributor

penguin359 commented Jul 6, 2024

My [f]lex knowledge is a little weak, but I don't see an immediate issue. This is the only place that variable is incremented and elsewhere, it's reset to zero. Comments I would make around there are that 8 should be replaced by the correct constant and, perhaps, up2tc_idx should be reset to zero when it hits the end in case this state gets triggered again:

<getup2tc>[0-7]                 { up2tc_a[up2tc_idx] = atoi(yytext);
                                up2tc_idx++;
                                if (up2tc_idx == MAX_USER_PRIORITIES) {
                                        up2tc_idx = 0;
                                        BEGIN(getpgargs);
                                }
                                }
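
The index question raised in this issue and the reset suggested in the comment above, modelled in plain C as an added example (not code from the project or from either commenter). `struct up2tc_state`, `up2tc_feed` and the value 8 for `MAX_USER_PRIORITIES` are assumptions made for illustration; the inputs are constructed.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_USER_PRIORITIES 8   /* assumed value: one entry per priority 0-7 */

struct up2tc_state {
    int map[MAX_USER_PRIORITIES];   /* plays the role of up2tc_a */
    size_t idx;                     /* plays the role of up2tc_idx */
};

/* Hypothetical model of the <getup2tc>[0-7] action fed one digit per token.
 * Returns the number of digits stored, or -1 as soon as a store is refused
 * because idx is already past the last slot. With reset_when_full set, idx
 * returns to 0 after the eighth digit and consumption stops there, the way
 * BEGIN(getpgargs) would leave the state. */
static int up2tc_feed(struct up2tc_state *st, const char *digits,
                      int reset_when_full)
{
    int stored = 0;

    for (; *digits != '\0'; digits++) {
        if (*digits < '0' || *digits > '7')
            return -1;                      /* rule only matches [0-7] */
        if (st->idx >= MAX_USER_PRIORITIES)
            return -1;                      /* would write past map[] */
        st->map[st->idx++] = *digits - '0';
        stored++;
        if (reset_when_full && st->idx == MAX_USER_PRIORITIES) {
            st->idx = 0;
            break;
        }
    }
    return stored;
}

int main(void)
{
    struct up2tc_state st = { {0}, 0 };

    /* Constructed inputs: ten digits, then a second pass on the same state. */
    printf("increment only, 10 digits: %d\n", up2tc_feed(&st, "0123456701", 0));
    printf("increment only, re-entry:  %d\n", up2tc_feed(&st, "0", 0));
    st.idx = 0;
    printf("with reset, first map:     %d\n", up2tc_feed(&st, "01234567", 1));
    printf("with reset, second map:    %d\n", up2tc_feed(&st, "76543210", 1));
    return 0;
}
```

The explicit `idx >= MAX_USER_PRIORITIES` test is what keeps the store in bounds in both modes; the reset only ensures a later pass through the state starts from slot 0 instead of a stale index.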
