From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <darktemplar@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=unavailable autolearn_force=no version=3.4.1
From: Aleksei Nikiforov <darktemplar@altlinux.org>
To: devel@lists.altlinux.org
Date: Thu, 12 Dec 2019 12:57:14 +0300
Message-Id: <20191212095730.83787-6-darktemplar@altlinux.org>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20191212095730.83787-1-darktemplar@altlinux.org>
References: <20191211234857.GB17949@altlinux.org>
 <20191212095730.83787-1-darktemplar@altlinux.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Cc: Aleksei Nikiforov <darktemplar@altlinux.org>
Subject: [devel] [PATCH for apt v2 05/21] Fix memory access outside of
	allocated buffer ranges
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Dec 2019 09:58:24 -0000
Archived-At: <http://lore.altlinux.org/devel/20191212095730.83787-6-darktemplar@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

Found via cppcheck:
[apt/apt-pkg/contrib/configuration.cc:674] -> [apt/apt-pkg/contrib/configuration.cc:675]:
(warning) Either the condition 'StackPos<=100' is redundant or the array 'Stack[100]'
is accessed at index 100, which is out of bounds.
---
 apt/apt-pkg/contrib/configuration.cc | 2 +-
 apt/cmdline/apt-shell.cc             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apt/apt-pkg/contrib/configuration.cc b/apt/apt-pkg/contrib/configuration.cc
index 214babc..8c0e5fb 100644
--- a/apt/apt-pkg/contrib/configuration.cc
+++ b/apt/apt-pkg/contrib/configuration.cc
@@ -671,7 +671,7 @@ bool ReadConfigFile(Configuration &Conf, const string &FName,bool AsSectional,
 	    // Go down a level
 	    if (TermChar == '{')
 	    {
-	       if (StackPos <= 100)
+	       if (StackPos < sizeof(Stack)/sizeof(*Stack))
 		  Stack[StackPos++] = ParentTag;
 	       
 	       /* Make sectional tags incorperate the section into the
diff --git a/apt/cmdline/apt-shell.cc b/apt/cmdline/apt-shell.cc
index d192783..7b033da 100644
--- a/apt/cmdline/apt-shell.cc
+++ b/apt/cmdline/apt-shell.cc
@@ -4088,7 +4088,7 @@ int main(int argc,const char *argv[])
       // *q = buffer checker, copying valid stuff to *p
       while (*q != 0)
       {
-	 if (largc > sizeof(largv)/sizeof(*largv))
+	 if (largc >= sizeof(largv)/sizeof(*largv))
 	 {
 	    _error->Error(_("Exceeded maximum number of command arguments"));
 	    break;
-- 
2.24.1