From: Maxime Chatelle <xakz@rxsoft.eu>
Date: Fri, 12 May 2017 10:49:00 +0200
Subject: better-checking-of-return-value-of-Split-function
Better checking of the return value of the Split() function (util.c)
<https://bugs.debian.org/716055>
---
Instant/browse.c | 4 ++++
Instant/main.c | 15 +++++++++++++++
2 files changed, 19 insertions(+)
diff --git a/Instant/browse.c b/Instant/browse.c
index d20c77c..a1dde52 100644
--- a/Instant/browse.c
+++ b/Instant/browse.c
@@ -128,6 +128,10 @@ Browse()
}
ac = 20;
av = Split(buf, &ac, S_ALVEC);
+ if (!av) {
+ printf("Bad input line entered.\n");
+ break;
+ }
if (ac > 0) cmd = av[0];
if (!cmd || !(*cmd)) continue;
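Review bot: The `break;` in the added `if (!av)` branch looks like it exits the enclosing input loop on a single bad line, whereas the empty-command case two lines below uses `continue`. If the intent is to report the bad line and prompt again, the branch should end in `continue;` instead. The loop header is outside this hunk, so this is inferred from the neighbouring `continue`; if leaving Browse() on malformed input is deliberate, a short comment such as `/* unparsable line: leave browse mode */` would make that clear.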
diff --git a/Instant/main.c b/Instant/main.c
index 00b9934..b3162e8 100644
--- a/Instant/main.c
+++ b/Instant/main.c
@@ -255,6 +255,11 @@ CmdLineSetVariable(
*cp = ' ';
n = 2;
tok = Split(buf, &n, 0);
+ if (!tok) {
+ fprintf(stderr, "Error: Bad input in variable assignment: %s\n",
+ var);
+ return;
+ }
/* see if variable name matches one of our internal ones */
if (!strcmp(tok[0], "verbose")) verbose = atoi(tok[1]);
else if (!strcmp(tok[0], "warnings")) warnings = atoi(tok[1]);
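Review bot: The added `if (!tok)` guard rejects only a NULL return from Split(), so `tok[1]` still reaches `atoi()` without any check that two tokens actually came back. If Split() writes the token count back through `&n` (its signature suggests so, but util.c is not in this diff), the guard should read `if (!tok || n < 2) {`. The same gap is in both AccumElemInfo hunks: CMD_ATT passes `tok[1]` to strcmp() and CMD_EXT_ENT passes `tok[0]`..`tok[2]` to strdup() after `i = 3`, so those guards would need `i < 2` and `i < 3` respectively. These tokens come from command-line and input-file text, so a short line should take the new error path rather than dereference a missing element. The function bodies continue outside the hunks.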
@@ -474,6 +479,11 @@ AccumElemInfo(
case CMD_ATT: /* Aname val */
i = 3;
tok = Split(buf, &i, 0);
+ if (!tok) {
+ fprintf(stderr, "Error: Malformed command, line %d: %c%s\n",
+ e->lineno, c, buf);
+ break;
+ }
if (!strcmp(tok[1], "IMPLIED")) break; /* skip IMPLIED atts. */
if (!strcmp(tok[1], "CDATA") || !strcmp(tok[1], "TOKEN") ||
!strcmp(tok[1], "ENTITY") ||!strcmp(tok[1], "NOTATION"))
@@ -519,6 +529,11 @@ AccumElemInfo(
case CMD_EXT_ENT: /* Eename typ nname */
i = 3;
tok = Split(buf, &i, 0);
+ if (!tok) {
+ fprintf(stderr, "Error: Malformed command, line %d: %c%s\n",
+ e->lineno, c, buf);
+ break;
+ }
ent.ename = strdup(tok[0]);
ent.type = strdup(tok[1]);
ent.nname = strdup(tok[2]);