fix for CVE-2019-19917 and CVE-2019-19918CVE-2019-19918_CVE-2019-19918

The one in StringQuotedWord was more complicated because it was due to a string longer than MAX_BUFF, and when I fixed the access there, other places had errors. The one in srcnext needed only an extra test in a loop. I tested the manual in doc/user before and after, and the only differences seemed to be places that embedded the current time.
author: William Bader <williambader@hotmail.com> 2020-10-22 22:55:28 +0000
committer: Matěj Cepl <mcepl@cepl.eu> 2024-05-19 08:27:32 +0200
commit: 67ccb0444a64ca650a6e446a3d120d69a537c573 (patch)
tree: efdb45351b457d3f389ebc042444776a207af429 /z02.c
parent: eb3942e15700f3f4f61b4e46917ae8fbe614e524 (diff)
download: lout-CVE-2019-19918_CVE-2019-19918.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/z02.c b/z02.c
index 6e3cf03..d0b6a12 100644
--- a/z02.c
+++ b/z02.c
@@ -379,7 +379,7 @@ static void srcnext(void)
   if( blksize != 0 && chpt < limit )
   { debugcond0(DLA, DD, stack_free <= 1, "srcnext: transferring.");
     col = buf;
-    while( chtbl[(*--col = *--limit)] != NEWLINE );
+    while( col > mem_block && chtbl[(*--col = *--limit)] != NEWLINE );
     frst = col + 1;  limit++;  blksize = 0;
   }
author	William Bader <williambader@hotmail.com>	2020-10-22 22:55:28 +0000
committer	Matěj Cepl <mcepl@cepl.eu>	2024-05-19 08:27:32 +0200
commit	67ccb0444a64ca650a6e446a3d120d69a537c573 (patch)
tree	efdb45351b457d3f389ebc042444776a207af429 /z02.c
parent	eb3942e15700f3f4f61b4e46917ae8fbe614e524 (diff)
download	lout-CVE-2019-19918_CVE-2019-19918.tar.gz