BUG/MINOR: cfgparse: correctly deal with empty lines

Issue 23653 in oss-fuzz reports a heap overflow bug which is in fact a
bug introduced by commit 9e1758efb ("BUG/MEDIUM: cfgparse: use
parse_line() to expand/unquote/unescape config lines") to address
oss-fuzz issue 22689, which was only partially fixed by commit 70f58997f
("BUG/MINOR: cfgparse: Support configurations without newline at EOF").

Actually on an empty line, end == line so we cannot dereference end-1
to check for a trailing LF without first being sure that end is greater
than line.

No backport is needed, this is 2.2 only.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 92f17691ca594e033188008a8bb11c8fafee80bc..63efc9114ec7a0c58ba40ce4c9e01a873c35958c 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1916,7 +1916,7 @@ next_line:
 
                readbytes = 0;
 
-               if (*(end-1) == '\n') {
+               if (end > line && *(end-1) == '\n') {
                        /* kill trailing LF */
                        *(end - 1) = 0;
                }