Fix buffer overrun in sys-file-reader.c(text_match)

author John Darrington <john@darrington.wattle.id.au>

Sat, 6 Aug 2016 02:45:26 +0000 (04:45 +0200)

committer John Darrington <john@darrington.wattle.id.au>

Sat, 6 Aug 2016 02:45:26 +0000 (04:45 +0200)
author John Darrington <john@darrington.wattle.id.au>
Sat, 6 Aug 2016 02:45:26 +0000 (04:45 +0200)
committer John Darrington <john@darrington.wattle.id.au>
Sat, 6 Aug 2016 02:45:26 +0000 (04:45 +0200)
diff --git a/src/data/sys-file-reader.c b/src/data/sys-file-reader.c

index 57e1dc822c6d655867f1f525d84036e3749d249b..a2c0830ce604fcab341b9dbce6f95dd062740603 100644 (file)
--- a/src/data/sys-file-reader.c
+++ b/src/data/sys-file-reader.c
@@ -297,8 +297,7 @@ static bool read_variable_to_value_pair (struct sfm_reader *,
                                           struct text_record *,
                                           struct variable **var, char **value);
  static void text_warn (struct sfm_reader *r, struct text_record *text,
-                       const char *format, ...)
-  PRINTF_FORMAT (3, 4);
+                       const char *format, ...)  PRINTF_FORMAT (3, 4);
  static char *text_get_token (struct text_record *,
                               struct substring delimiters, char *delimiter);
  static bool text_match (struct text_record *, char c);
@@ -3141,6 +3140,9 @@ text_parse_counted_string (struct sfm_reader *r, struct text_record *text)
  static bool
  text_match (struct text_record *text, char c)
  {
+  if (text->pos >= text->buffer.length)
+    return false;
+  
    if (text->buffer.string[text->pos] == c) 
      {
        text->pos++;
author	John Darrington <john@darrington.wattle.id.au>
	Sat, 6 Aug 2016 02:45:26 +0000 (04:45 +0200)
committer	John Darrington <john@darrington.wattle.id.au>
	Sat, 6 Aug 2016 02:45:26 +0000 (04:45 +0200)