In commit
3f2c8af313 ("MINOR: tools: make parse_line() provide hints
about empty args") we've added the ability to record the position of
the first empty arg in parse_line(), but that check requires to
access the args[] array for the current arg, which is not valid in
case we stopped on too large an argument count. Let's just check the
arg's validity before doing so.
This was reported by OSS Fuzz:
https://issues.oss-fuzz.com/issues/
415850462
No backport is needed since this was in the latest dev branch.
err |= PARSE_ERR_TOOMANY;
}
if (prev_in_arg && !in_arg) {
- if (!empty_arg_ptr && args[arg] == out + arg_start)
+ if (!empty_arg_ptr && arg < argsmax && args[arg] == out + arg_start)
empty_arg_ptr = begin_new_arg;
EMIT_CHAR(0);
arg++;
}
if (prev_in_arg && !in_arg) {
- if (!empty_arg_ptr && args[arg] == out + arg_start)
+ if (!empty_arg_ptr && arg < argsmax && args[arg] == out + arg_start)
empty_arg_ptr = begin_new_arg;
EMIT_CHAR(0);
arg++;
/* end of output string */
if (in_arg) {
- if (!empty_arg_ptr && args[arg] == out + arg_start)
+ if (!empty_arg_ptr && arg < argsmax && args[arg] == out + arg_start)
empty_arg_ptr = begin_new_arg;
EMIT_CHAR(0);
arg++;
projects / thirdparty / haproxy.git / commitdiff
