shithub: scc


ref: a0e6b9b6b4c4e454201dc18fd04db414f11cd36e
parent: 6cbfe36885806fff34fd3d6c0f22d439e9321dc7
author: Roberto E. Vargas Caballero <k0ga@shike2.com>
date: Thu Mar 12 15:16:01 EDT 2015

Avoid memory corruption in cc2

We were taking a value supplied by the user and using it as an array index
without checking that the value was valid.

--- a/cc2/parser.c
+++ b/cc2/parser.c
@@ -398,12 +398,13 @@
 {
 	Node *np;
 	void (*fun)(char *);
+	unsigned c;
 
 	if (!curfun)
 		error(ESYNTAX);
 
 	do {
-		if ((fun = optbl[token[0]]) == NULL)
+		if ((c = token[0]) > 0x1f || (fun = optbl[c]) == NULL)
 			error(ESYNTAX);
 		(*fun)(token);
 	} while (token = strtok(NULL, "\t"));
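Review bot: The limit `0x1f` in the new guard is a bare literal that is not tied to the declared size of `optbl`, so the check only prevents the out-of-bounds read while the table has at least 0x20 entries; the declaration is outside this hunk, so that cannot be confirmed here. If `optbl` is a true array in this translation unit, deriving the bound from it keeps the two in step: `if ((c = token[0]) >= sizeof(optbl) / sizeof(optbl[0]) || (fun = optbl[c]) == NULL)`. The assignment to `unsigned c` also turns a negative `char` (bytes 0x80 and above where `char` is signed) into a large value that the test rejects, which deserves a comment such as `/* unsigned: negative chars become large and fail the range test */`. When the range test fails `fun` is never assigned, so the following `(*fun)(token)` is safe only if `error()` does not return, which is presumably the case but is not visible here. The enclosing function starts and ends outside the hunk.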
--