Wed Feb 3 05:32:14 2016 UTC ()
PR/50750: David Binderman: Check bounds before dereference


(christos)
diff -r1.14 -r1.15 src/usr.bin/unexpand/unexpand.c


--- src/usr.bin/unexpand/unexpand.c 2008/12/21 02:33:13 1.14
+++ src/usr.bin/unexpand/unexpand.c 2016/02/03 05:32:14 1.15
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: unexpand.c,v 1.14 2008/12/21 02:33:13 christos Exp $ */ 1/* $NetBSD: unexpand.c,v 1.15 2016/02/03 05:32:14 christos Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 1980, 1993 4 * Copyright (c) 1980, 1993
5 * The Regents of the University of California. All rights reserved. 5 * The Regents of the University of California. All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 14 * documentation and/or other materials provided with the distribution.
@@ -29,27 +29,27 @@ @@ -29,27 +29,27 @@
29 * SUCH DAMAGE. 29 * SUCH DAMAGE.
30 */ 30 */
31 31
32#include <sys/cdefs.h> 32#include <sys/cdefs.h>
33#ifndef lint 33#ifndef lint
34__COPYRIGHT("@(#) Copyright (c) 1980, 1993\ 34__COPYRIGHT("@(#) Copyright (c) 1980, 1993\
35 The Regents of the University of California. All rights reserved."); 35 The Regents of the University of California. All rights reserved.");
36#endif /* not lint */ 36#endif /* not lint */
37 37
38#ifndef lint 38#ifndef lint
39#if 0 39#if 0
40static char sccsid[] = "@(#)unexpand.c 8.1 (Berkeley) 6/6/93"; 40static char sccsid[] = "@(#)unexpand.c 8.1 (Berkeley) 6/6/93";
41#endif 41#endif
42__RCSID("$NetBSD: unexpand.c,v 1.14 2008/12/21 02:33:13 christos Exp $"); 42__RCSID("$NetBSD: unexpand.c,v 1.15 2016/02/03 05:32:14 christos Exp $");
43#endif /* not lint */ 43#endif /* not lint */
44 44
45/* 45/*
46 * unexpand - put tabs into a file replacing blanks 46 * unexpand - put tabs into a file replacing blanks
47 */ 47 */
48#include <limits.h> 48#include <limits.h>
49#include <stdio.h> 49#include <stdio.h>
50#include <stdlib.h> 50#include <stdlib.h>
51#include <string.h> 51#include <string.h>
52#include <unistd.h> 52#include <unistd.h>
53#include <errno.h> 53#include <errno.h>
54#include <err.h> 54#include <err.h>
55#include <util.h> 55#include <util.h>
@@ -144,50 +144,50 @@ tabify(const char *line, size_t len) @@ -144,50 +144,50 @@ tabify(const char *line, size_t len)
144 144
145 dcol = ocol = 0; 145 dcol = ocol = 0;
146 limit = nstops == 0 ? UINT_MAX : tabstops[nstops - 1] - 1; 146 limit = nstops == 0 ? UINT_MAX : tabstops[nstops - 1] - 1;
147 e = line + len; 147 e = line + len;
148 for (p = line; p < e; p++) { 148 for (p = line; p < e; p++) {
149 if (*p == ' ') { 149 if (*p == ' ') {
150 dcol++; 150 dcol++;
151 continue; 151 continue;
152 } else if (*p == '\t') { 152 } else if (*p == '\t') {
153 if (nstops == 0) { 153 if (nstops == 0) {
154 dcol = (1 + dcol / DSTOP) * DSTOP; 154 dcol = (1 + dcol / DSTOP) * DSTOP;
155 continue; 155 continue;
156 } else { 156 } else {
157 for (n = 0; tabstops[n] - 1 < dcol && 157 for (n = 0; n < nstops &&
158 n < nstops; n++) 158 tabstops[n] - 1 < dcol; n++)
159 continue; 159 continue;
160 if (n < nstops - 1 && tabstops[n] - 1 < limit) { 160 if (n < nstops - 1 && tabstops[n] - 1 < limit) {
161 dcol = tabstops[n]; 161 dcol = tabstops[n];
162 continue; 162 continue;
163 } 163 }
164 } 164 }
165 } 165 }
166 166
167 /* Output our tabs */ 167 /* Output our tabs */
168 if (nstops == 0) { 168 if (nstops == 0) {
169 while (((ocol + DSTOP) / DSTOP) <= (dcol / DSTOP)) { 169 while (((ocol + DSTOP) / DSTOP) <= (dcol / DSTOP)) {
170 if (dcol - ocol < 2) 170 if (dcol - ocol < 2)
171 break; 171 break;
172 if (putchar('\t') == EOF) 172 if (putchar('\t') == EOF)
173 goto out; 173 goto out;
174 ocol = (1 + ocol / DSTOP) * DSTOP; 174 ocol = (1 + ocol / DSTOP) * DSTOP;
175 } 175 }
176 } else { 176 } else {
177 for (n = 0; tabstops[n] <= ocol && n < nstops; n++) 177 for (n = 0; n < nstops && tabstops[n] <= ocol; n++)
178 continue; 178 continue;
179 while (tabstops[n] <= dcol && ocol < dcol && 179 while (n < nstops && tabstops[n] <= dcol && ocol < dcol
180 n < nstops && ocol < limit) { 180 && ocol < limit) {
181 if (putchar('\t') == EOF) 181 if (putchar('\t') == EOF)
182 goto out; 182 goto out;
183 ocol = tabstops[n++]; 183 ocol = tabstops[n++];
184 } 184 }
185 } 185 }
186 186
187 /* Output remaining spaces */ 187 /* Output remaining spaces */
188 while (ocol < dcol && ocol < limit) { 188 while (ocol < dcol && ocol < limit) {
189 if (putchar(' ') == EOF) 189 if (putchar(' ') == EOF)
190 goto out; 190 goto out;
191 ocol++; 191 ocol++;
192 } 192 }
193 193
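Review bot: The reordered conditions at new lines 157-158, 177 and 179-180 are safe only because `&&` short-circuits, and nothing in the code says that the index test has to stay first. Each scan can finish with n == nstops, where `tabstops[n]` is one element past the last stop. A later reflow that moves `n < nstops` back behind the array read would reintroduce the out-of-bounds read, most likely without any visible change in output, since the value read is discarded once the index test fails. I would add a comment above the first scan, `/* test n < nstops before tabstops[n]: the scan may end at n == nstops */`, and a regression input whose line extends past the last stop of an explicit tab-stop list, run under a bounds-checking build. The body of tabify() starts and ends outside this hunk, so the declarations of n, nstops and tabstops are not visible here.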