From: Ben Pfaff <blp@cs.stanford.edu>
Date: Fri, 11 Oct 2019 04:32:31 +0000 (+0000)
Subject: ascii: Avoid buffer overread outputting page longer than allocated lines.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e7375959ad4c954b165a0b367657702bfaf70fc;p=pspp

ascii: Avoid buffer overread outputting page longer than allocated lines.

This does seem like an odd case but I triggered it at one point and it
costs little to check for it.
---

diff --git a/src/output/ascii.c b/src/output/ascii.c
index 46e017c01e..1a470d0f53 100644
--- a/src/output/ascii.c
+++ b/src/output/ascii.c
@@ -415,14 +415,16 @@ ascii_output_lines (struct ascii_driver *a, size_t n_lines)
 {
   for (size_t y = 0; y < n_lines; y++)
     {
-      struct u8_line *line = &a->lines[y];
+      if (y < a->allocated_lines)
+        {
+          struct u8_line *line = &a->lines[y];
 
-      while (ds_chomp_byte (&line->s, ' '))
-        continue;
-      fwrite (ds_data (&line->s), 1, ds_length (&line->s), a->file);
+          while (ds_chomp_byte (&line->s, ' '))
+            continue;
+          fwrite (ds_data (&line->s), 1, ds_length (&line->s), a->file);
+          u8_line_clear (&a->lines[y]);
+        }
       putc ('\n', a->file);
-
-      u8_line_clear (&a->lines[y]);
     }
 }