patch 8.0.0883: invalid memory access with nonsensical script

brammool · brammool · commit 1c864093f93b · 2017-08-06T18:15:45.000+02:00
Problem:    Invalid memory access with nonsensical script.
Solution:   Check "dstlen" being positive. (Dominique Pelle)
diff --git a/src/misc1.c b/src/misc1.c
@@ -4180,13 +4180,18 @@ expand_env_esc(
 	    }
 	    else if ((src[0] == ' ' || src[0] == ',') && !one)
 		at_start = TRUE;
-	    *dst++ = *src++;
-	    --dstlen;
+	    if (dstlen > 0)
+	    {
+		*dst++ = *src++;
+		--dstlen;
 
-	    if (startstr != NULL && src - startstr_len >= srcp
-		    && STRNCMP(src - startstr_len, startstr, startstr_len) == 0)
-		at_start = TRUE;
+		if (startstr != NULL && src - startstr_len >= srcp
+			&& STRNCMP(src - startstr_len, startstr,
+							    startstr_len) == 0)
+		    at_start = TRUE;
+	    }
 	}
+
     }
     *dst = NUL;
 }
diff --git a/src/version.c b/src/version.c
@@ -769,6 +769,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    883,
 /**/
     882,
 /**/

Original file line number	Diff line number	Diff line change
`@@ -4180,13 +4180,18 @@ expand_env_esc(`
`4180`	`4180`	`}`
`4181`	`4181`	`else if ((src[0] == ' ' \|\| src[0] == ',') && !one)`
`4182`	`4182`	`at_start = TRUE;`
`4183`		`- dst++ = src++;`
`4184`		`- --dstlen;`
	`4183`	`+ if (dstlen > 0)`
	`4184`	`+ {`
	`4185`	`+ dst++ = src++;`
	`4186`	`+ --dstlen;`
`4185`	`4187`
`4186`		`- if (startstr != NULL && src - startstr_len >= srcp`
`4187`		`- && STRNCMP(src - startstr_len, startstr, startstr_len) == 0)`
`4188`		`- at_start = TRUE;`
	`4188`	`+ if (startstr != NULL && src - startstr_len >= srcp`
	`4189`	`+ && STRNCMP(src - startstr_len, startstr,`
	`4190`	`+ startstr_len) == 0)`
	`4191`	`+ at_start = TRUE;`
	`4192`	`+ }`
`4189`	`4193`	`}`
	`4194`	`+`
`4190`	`4195`	`}`
`4191`	`4196`	`*dst = NUL;`
`4192`	`4197`	`}`