From: millert Date: Tue, 5 Dec 2017 17:47:09 +0000 (+0000) Subject: Fix a case where we could go off the end of the buffer. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bea177d65497ea7128318c79a3f032f529e56683;p=openbsd Fix a case where we could go off the end of the buffer. Crash found by Sergey Bronnikov using afl-fuzz. Based on a diff from and OK by espie@ --- diff --git a/usr.bin/make/for.c b/usr.bin/make/for.c index 64887d5e769..e285d2a6a29 100644 --- a/usr.bin/make/for.c +++ b/usr.bin/make/for.c @@ -1,4 +1,4 @@ -/* $OpenBSD: for.c,v 1.46 2015/01/23 13:18:40 espie Exp $ */ +/* $OpenBSD: for.c,v 1.47 2017/12/05 17:47:09 millert Exp $ */ /* $NetBSD: for.c,v 1.4 1996/11/06 17:59:05 christos Exp $ */ /* @@ -155,9 +155,12 @@ For_Eval(const char *line) Parse_Error(PARSE_FATAL, "Syntax error in for"); return 0; } - endVar = ptr++; - while (ISSPACE(*ptr)) + endVar = ptr; + if (*ptr) { ptr++; + while (ISSPACE(*ptr)) + ptr++; + } /* End of variable list ? */ if (endVar - wrd == 2 && wrd[0] == 'i' && wrd[1] == 'n') break;