colcrt: avoid writing beyond array bound [afl & asan]

text-utils/colcrt.c:205:10: runtime error: index -1 out of bounds for type 'wchar_t [133]'
SUMMARY: AddressSanitizer: undefined-behavior text-utils/colcrt.c:205
=================================================================
==2357==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013811b0 at pc 0x0000004e2514 bp 0x7ffdf6ba4450 sp 0x7ffdf6ba4448
READ of size 4 at 0x0000013811b0 thread T0
    #0 0x4e2513 in colcrt /home/src/util-linux/text-utils/colcrt.c:213:8
    #1 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:139:3
    #2 0x7fb77236960f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #3 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8)

Reported-by: Alaa Mubaied <alaamubaied@gmail.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>

diff --git a/text-utils/colcrt.c b/text-utils/colcrt.c
index cf630c4043a432bf7712a19e5f5fa89a0a096b61..3cf25cbbe70ff11737d4f0488f383392fe7f1cbd 100644 (file)
--- a/text-utils/colcrt.c
+++ b/text-utils/colcrt.c
@@ -201,6 +201,8 @@ void colcrt(FILE *f) {
                        /* fallthrough */
                default:
                        w = wcwidth(c);
+                       if (w < 0)
+                               continue;
                        if (outcol + w > PAGE_ARRAY_COLS) {
                                outcol++;
                                continue;