From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001 From: Eugene Syromyatnikov Date: Tue, 28 Jun 2022 16:47:56 +0200 Subject: [PATCH] strauss: fix off-by-one error in strauss array access It has to be limited with strauss_lines - 1, not strauss_lines. Reported by covscan: Error: OVERRUN (CWE-119): strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL" implies that "i" is at least 33 on the false branch. strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss" of 37 8-byte elements at element index 37 (byte offset 303) using index "(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37). * src/strauss.c (print_totd): Limit strauss array accesses to strauss_lines - 1 instead of strauss_lines. --- src/strauss.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/strauss.c b/src/strauss.c index 98af183..b22ab6a 100644 --- a/src/strauss.c +++ b/src/strauss.c @@ -373,16 +373,16 @@ print_totd(void) tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)], w, w, tips_tricks_tweaks[id][i] ?: "", tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)], - strauss[MIN(3 + i, strauss_lines)]); + strauss[MIN(3 + i, strauss_lines - 1)]); } fprintf(stderr, "%s%s\n", - tip_bottom, strauss[MIN(3 + i, strauss_lines)]); + tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]); do { fprintf(stderr, "%*s%*s%*s%s\n", (int) strlen(tip_left[0]), "", w, "", (int) strlen(tip_right[0]), "", - strauss[MIN(4 + i, strauss_lines)]); + strauss[MIN(4 + i, strauss_lines - 1)]); } while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines)); printed = true; -- 2.1.4