sam: avoid out-of-bounds read in rterm - plan9port - [fork] Plan 9 from user space
git clone git://src.adamsgaard.dk/plan9port
---
commit 3ccd61629b641613bcccbc51125330efab9c89a7
parent 6a80119eb509bd948d87ad1b84b0a82855a3c691
Author: Russ Cox <rsc@swtch.com>
Date:   Thu, 14 Jan 2021 10:05:50 -0500

sam: avoid out-of-bounds read in rterm

Usually r->nused < r->nalloc and the read is in bounds.
But it could in theory be right on the line and reading
past the end of the allocation.

Make it safe but preserve as much of the old semantics
as possible. This use of rterm appears to be only for
optimization purposes so the result does not matter
for correctness.
Err mx1.adamsgaard.dk 70 i Err mx1.adamsgaard.dk 70 iDiffstat: Err mx1.adamsgaard.dk 70 i M src/cmd/sam/rasp.c | 4 ++-- Err mx1.adamsgaard.dk 70 i Err mx1.adamsgaard.dk 70 i1 file changed, 2 insertions(+), 2 deletions(-) Err mx1.adamsgaard.dk 70 i--- Err mx1.adamsgaard.dk 70 1diff --git a/src/cmd/sam/rasp.c b/src/cmd/sam/rasp.c /src/plan9port/file/src/cmd/sam/rasp.c.gph mx1.adamsgaard.dk 70 it@@ -283,8 +283,8 @@ rterm(List *r, Posn p1) Err mx1.adamsgaard.dk 70 i Err mx1.adamsgaard.dk 70 i for(p = 0,i = 0; inused && p+L(i)<=p1; p+=L(i++)) Err mx1.adamsgaard.dk 70 i ; Err mx1.adamsgaard.dk 70 i- if(i==r->nused && (i==0 || !T(i-1))) Err mx1.adamsgaard.dk 70 i- return 0; Err mx1.adamsgaard.dk 70 i+ if(i==r->nused) Err mx1.adamsgaard.dk 70 i+ return i > 0 && T(i-1); Err mx1.adamsgaard.dk 70 i return T(i); Err mx1.adamsgaard.dk 70 i } Err mx1.adamsgaard.dk 70 i Err mx1.adamsgaard.dk 70 .
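Review bot: the new `if(i==r->nused)` branch in rterm has no comment explaining why it returns `i > 0 && T(i-1)` instead of reading `T(i)`, and that reasoning currently lives only in the commit message. The old code fell through to `return T(i)` when `i==r->nused` and `T(i-1)` was set, so this branch changes the returned value for that case as well as removing the read. A short comment above the branch would help: index `r->nused` may equal `r->nalloc`, so `T(i)` must not be evaluated there, and the caller uses the result only as an optimization hint. It is also worth confirming that the remaining `return T(i)` can only be reached with `i < r->nused`, which depends on the loop condition above bounding `i` by `r->nused`.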