mirror of
https://github.com/Cloudef/bemenu
synced 2024-12-22 02:29:58 +00:00
Fix out-of-bounds read when parsing --list argument
When running bemenu like: env BEMENU_OPTS="--list 3" bemenu Valgrind will report an out-of-bounds read: Invalid read of size 1 at 0x10BC91: do_getopt.part.0 (common.c:366) by 0x10C635: do_getopt (common.c:340) by 0x10C635: parse_args (common.c:556) by 0x10B535: main (bemenu.c:55) Address 0x4ac13e2 is 0 bytes after a block of size 2 alloc'd at 0x4849BF3: calloc (vg_replace_malloc.c:1675) by 0x10C533: cstrcopy (common.c:120) by 0x10C533: tokenize_quoted_to_argv (common.c:146) by 0x10C60C: parse_args (common.c:555) by 0x10B535: main (bemenu.c:55) The problem is that the parsing code for `--list` will blindly compare a character past the number of lines to parse for e.g. `--list '3 up'` but the end of the string may come right after the number of lines. In my system Valgrind does not find the error when running bemenu like `bemenu --list 3` even though the logic is equally questionable. Fix it by checking that there is more after the number of lines.
This commit is contained in:
parent
5bc8a6caaa
commit
fa84d4b2d6
@ -363,7 +363,7 @@ do_getopt(struct client *client, int *argc, char **argv[])
|
||||
{
|
||||
char *ptr;
|
||||
client->lines = strtol(optarg, &ptr, 10);
|
||||
client->lines_mode = (!strcmp(ptr + 1, "up") ? BM_LINES_UP : BM_LINES_DOWN);
|
||||
client->lines_mode = (*ptr && !strcmp(ptr + 1, "up") ? BM_LINES_UP : BM_LINES_DOWN);
|
||||
break;
|
||||
}
|
||||
case 'c':
|
||||
|
Loading…
Reference in New Issue
Block a user