Package: funtools / 1.4.4+dfsg2-1

fix_crashes.patch Patch series | download
Author: Ole Streicher <debian@liska.ath.cx>
Description: Check cmd line arguments for illegal input that caused crashes
 found with the "Mayhem" tool.
Bug: http://bugs.debian.org/715928
Bug: http://bugs.debian.org/715929
--- a/funjoin.c
+++ b/funjoin.c
@@ -737,7 +737,7 @@ main(argc, argv)
       case 'a':
 	if( argv[i][2] ){
 	  j = atoi(&argv[i][2])-1;
-	  if( (j >= 0) && (j < MAXIFILE) ){
+	  if( (j >= 0) && (j < MAXIFILE) && (i < argc-1)){
 	    files[j].actstr = argv[++i];
 	  }
 	  else{
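Review bot: A missing value after `-aN` now falls into the `else` branch that opens on the last line of this hunk, which was written for an out-of-range file index. Its body is outside the hunk, so the message it prints presumably blames the index rather than the missing argument. Testing the two conditions separately keeps the diagnostic accurate, for example `else if( i >= argc-1 ){ gerror(stderr, "missing argument for -a\n"); }` ahead of the existing `else`. The same applies to the `-bN` and `-jN` hunks that follow. Separately, `atoi` gives no error indication for non-numeric or out-of-range digits after the flag, so `strtol` with an end-pointer check would give the range test a trustworthy value.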
@@ -751,7 +751,7 @@ main(argc, argv)
       case 'b':
 	if( argv[i][2] ){
 	  j = atoi(&argv[i][2])-1;
-	  if( (j >= 0) && (j < MAXIFILE) ){
+	  if( (j >= 0) && (j < MAXIFILE) && (i < argc-1)){
 	    files[j].bstr = argv[++i];
 	  }
 	  else{
@@ -765,7 +765,7 @@ main(argc, argv)
       case 'j':
 	if( argv[i][2] ){
 	  j = atoi(&argv[i][2])-1;
-	  if( (j >= 0) && (j < MAXIFILE) ){
+	  if( (j >= 0) && (j < MAXIFILE) && (i < argc-1)){
 	    files[j].jname = argv[++i];
 	  }
 	  else{
@@ -773,25 +773,35 @@ main(argc, argv)
 	  }
 	}
 	else{
-	  defcol = argv[++i];
+          if (i < argc-1) {
+	    defcol = argv[++i];
+	  }
 	}
 	break;
       case 'm':
-	minmatch = atoi(argv[++i])+1;
+        if (i < argc-1) {
+	  minmatch = atoi(argv[++i])+1;
+	}
 	if( minmatch < 1 ) minmatch = 1;
 	break;
       case 'M':
-	maxmatch = atoi(argv[++i])+1;
+        if (i < argc-1) {
+	  maxmatch = atoi(argv[++i])+1;
+	}
 	if( maxmatch < 1 ) maxmatch = 1;
 	break;
       case 's':
 	jfiles = JFILES_COL;
 	break;
       case 'S':
-	jfiles = argv[++i];
+        if (i < argc-1) {
+	  jfiles = argv[++i];
+	}
 	break;
       case 't':
-	tol = atof(argv[++i]);
+        if (i < argc-1) {
+	  tol = atof(argv[++i]);
+	}
 	if( tol <= 0 ){
 	  gerror(stderr, "tolerance value must be positive\n");
 	}
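Review bot: The new `if (i < argc-1)` guards on `-j` (no index), `-m`, `-M`, `-S` and `-t` skip the assignment silently when the option is the last word on the command line, so the run continues with whatever value the variable already held. For `-t` the `tol <= 0` test that follows then checks that earlier value, not user input, so a truncated command line is accepted without complaint. Each guard should report the problem instead, for example `else{ gerror(stderr, "missing argument for -t\n"); }`, matching the `gerror` call already used in this switch. `atoi(argv[++i])+1` is also signed overflow when the argument is `INT_MAX`, so a `strtol` conversion with a range check before the `+1` would close that. The enclosing switch starts and ends outside the hunk.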
--- a/funimage.c
+++ b/funimage.c
@@ -338,12 +338,16 @@ main(argc, argv)
     t = strchr(s, ',');
     strncat(newname, s, t-s);
     strncat(newname, ",y:", SZ_LINE-strlen(newname));
-    s = ++t;
-    t = strchr(s, ',');
-    strncat(newname, s, t-s);
+    if (t != NULL) {
+      s = ++t;
+      t = strchr(s, ',');
+      strncat(newname, s, t-s);
+    }
     strncat(newname, "),", SZ_LINE-strlen(newname));
-    s = ++t;
-    strncat(newname, s, SZ_LINE-strlen(newname));
+    if (t != NULL) {
+	s = ++t;
+	strncat(newname, s, SZ_LINE-strlen(newname));
+    }
     iname = newname;
   }
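Review bot: Two `strncat(newname, s, t-s)` calls still run with `t` unchecked: the first one (context, just above the added code) and the one inside the new `if (t != NULL)` block. Both follow a `strchr` that can return NULL, and `t-s` is then an invalid pointer difference that converts to a huge count, so `strncat` appends the rest of `s` with no bound tied to `newname`. Each `strchr` result needs its own test before it is used as a length, and the field copies should also be limited by the space left in `newname`. The `SZ_LINE-strlen(newname)` bounds look one too large if `newname` holds `SZ_LINE` bytes (its declaration is outside the hunk), because `strncat` writes a terminating NUL after the counted characters. The enclosing block starts and ends outside the hunk.

```c
    t = strchr(s, ',');
    if (t != NULL) {
      strncat(newname, s, t-s);
    }
    strncat(newname, ",y:", SZ_LINE-strlen(newname)-1);
    if (t != NULL) {
      s = ++t;
      t = strchr(s, ',');
      if (t != NULL) {
        strncat(newname, s, t-s);
      }
    }
    strncat(newname, "),", SZ_LINE-strlen(newname)-1);
    /* … unchanged: final if (t != NULL) block, with the same -1 on its strncat bound … */
```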