From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 From: Aleksei Nikiforov To: devel@lists.altlinux.org Date: Tue, 10 Dec 2019 18:23:10 +0300 Message-Id: <20191210152343.33867-6-darktemplar@altlinux.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191210152343.33867-1-darktemplar@altlinux.org> References: <20191210152343.33867-1-darktemplar@altlinux.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Cc: Aleksei Nikiforov Subject: [devel] [PATCH for apt 05/38] Fix memory access outside of allocated buffer ranges X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Dec 2019 15:24:41 -0000 X-List-Received-Date: Tue, 10 Dec 2019 15:24:41 -0000 Archived-At: List-Archive: List-Post: Found via cppcheck --- apt/apt-pkg/contrib/configuration.cc | 2 +- apt/cmdline/apt-shell.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apt/apt-pkg/contrib/configuration.cc b/apt/apt-pkg/contrib/configuration.cc index 214babc..8c0e5fb 100644 --- a/apt/apt-pkg/contrib/configuration.cc +++ b/apt/apt-pkg/contrib/configuration.cc @@ -671,7 +671,7 @@ bool ReadConfigFile(Configuration &Conf, const string &FName,bool AsSectional, // Go down a level if (TermChar == '{') { - if (StackPos <= 100) + if (StackPos < sizeof(Stack)/sizeof(*Stack)) Stack[StackPos++] = ParentTag; /* Make sectional tags incorperate the section into the diff --git a/apt/cmdline/apt-shell.cc b/apt/cmdline/apt-shell.cc index d192783..7b033da 100644 --- a/apt/cmdline/apt-shell.cc +++ b/apt/cmdline/apt-shell.cc 
@@ -4088,7 +4088,7 @@ int main(int argc,const char *argv[]) // *q = buffer checker, copying valid stuff to *p while (*q != 0) { - if (largc > sizeof(largv)/sizeof(*largv)) + if (largc >= sizeof(largv)/sizeof(*largv)) { _error->Error(_("Exceeded maximum number of command arguments")); break; -- 2.24.0
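Review bot: In the configuration.cc hunk, when `StackPos < sizeof(Stack)/sizeof(*Stack)` is false, the push of ParentTag is skipped silently and parsing carries on as if the level had been entered. The new bound is tied to the array, which is good, but a configuration file nested deeper than Stack can hold should make the read fail with an error, the way the apt-shell.cc hunk reports `_error->Error(...)` and breaks, instead of continuing with a ParentTag that was never saved. The commit message would also be more useful if it said what the old `StackPos <= 100` test got wrong; "Found via cppcheck" alone does not tell a later reader which access was out of range.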
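Review bot: In the apt-shell.cc hunk, `largc >= sizeof(largv)/sizeof(*largv)` rejects further arguments once every slot of largv is in use, but the visible lines do not show whether `largv[largc]` is written once more after the loop, for example as a terminating null entry. If it is, the check has to reserve that slot and compare against the element count minus one; please confirm or add a comment next to the check saying no terminator is stored. As a style point, the `sizeof(x)/sizeof(*x)` expression now appears in both files of this patch, and a small shared element-count helper would keep the two bounds consistent.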