From: Ben Pfaff Date: Mon, 24 Sep 2018 02:36:22 +0000 (-0700) Subject: command-name: Avoid read past end of input buffer in find_word(). X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a02c8c084678a90529038bea3ce4bd6ca3ce80fe;p=pspp command-name: Avoid read past end of input buffer in find_word(). When the input substring S is not null-terminated, find_word() could read past its end looking for a non-digit. This fixes the problem. --- diff --git a/src/language/lexer/command-name.c b/src/language/lexer/command-name.c index 8ef64d9f25..24443a0995 100644 --- a/src/language/lexer/command-name.c +++ b/src/language/lexer/command-name.c @@ -60,7 +60,7 @@ find_word (struct substring *s, struct substring *word) } else if (c_isdigit (c)) { - while (c_isdigit (s->string[ofs])) + while (ofs < s->length && c_isdigit (s->string[ofs])) ofs++; } ss_get_bytes (s, ofs, word);
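Review bot: No regression test accompanies the new bound on the digit loop in find_word() (`while (ofs < s->length && c_isdigit (s->string[ofs]))`); the diff touches only src/language/lexer/command-name.c. The check itself is ordered correctly, since `ofs < s->length` short-circuits before `s->string[ofs]` is read. To keep the over-read from coming back, add a test for the case the commit message describes: a substring that ends in a digit and is not null-terminated, such as a slice of a larger buffer or an exact-length heap copy, run under AddressSanitizer or valgrind. The branch that closes just above `else if (c_isdigit (c))` is outside the visible context, so it is worth confirming that any scan there is limited by `s->length` in the same way.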