From bef613ff2ff8c618082b4540c42f975bdeaf64a4 Mon Sep 17 00:00:00 2001
From: Piotr Pawel Stefaniak
Date: Sun, 3 Jun 2018 17:07:56 +0000
Subject: [PATCH] indent(1): the check for buffer overflow has to be done before copy
---
 usr.bin/indent/indent.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr.bin/indent/indent.c b/usr.bin/indent/indent.c
index e6a83a8a84a..562031b0b6d 100644
--- usr.bin/indent/indent.c
+++ usr.bin/indent/indent.c
@@ -1193,10 +1193,10 @@ check_type:
 *sc_end++ = ' ';
 --line_no;
 }
+ if (sc_end - save_com + com_end - com_start > sc_size)
+ errx(1, "input too long");
 bcopy(s_lab + com_start, sc_end, com_end - com_start);
 sc_end += com_end - com_start;
- if (sc_end >= &save_com[sc_size])
- errx(1, "input too long");
 e_lab = s_lab + com_start;
 while (e_lab > s_lab && (e_lab[-1] == ' ' || e_lab[-1] == '\t'))
 e_lab--;
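Review bot: The new pre-copy guard compares with `>` where the removed post-copy check used `>=`, so a copy that ends exactly at `&save_com[sc_size]` is now accepted and leaves `sc_end` one past the last element of the buffer. Any later store through `sc_end` that is not itself bounds-checked would then write out of bounds; the context line `*sc_end++ = ' ';` just above the guard is one such store with no check visible in this hunk, but the surrounding code is outside the hunk, so this needs confirming there. To keep the old boundary I would write `if (sc_end - save_com + com_end - com_start >= sc_size)`. A one-line comment such as `/* must precede bcopy: a check after the copy fires only once save_com is already overrun */` would stop the check drifting back below the copy. It is also worth confirming that `sc_size` is a signed type, since a `size_t` there would make the comparison unsigned.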