From: Sami Kerola <kerolasa@iki.fi>
Date: Sun, 9 Aug 2015 17:16:34 +0000 (+0100)
Subject: colcrt: avoid writing beyond array bound [afl & asan]
X-Git-Tag: v2.27-rc2~22^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d883d64d96ab9bef510745d064a351145b9babec;p=thirdparty%2Futil-linux.git

colcrt: avoid writing beyond array bound [afl & asan]

text-utils/colcrt.c:205:10: runtime error: index -1 out of bounds for type 'wchar_t [133]'
SUMMARY: AddressSanitizer: undefined-behavior text-utils/colcrt.c:205
=================================================================
==2357==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000013811b0 at pc 0x0000004e2514 bp 0x7ffdf6ba4450 sp 0x7ffdf6ba4448
READ of size 4 at 0x0000013811b0 thread T0
    #0 0x4e2513 in colcrt /home/src/util-linux/text-utils/colcrt.c:213:8
    #1 0x4e17d4 in main /home/src/util-linux/text-utils/colcrt.c:139:3
    #2 0x7fb77236960f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #3 0x4362c8 in _start (/home/src/util-linux/colcrt+0x4362c8)

Reported-by: Alaa Mubaied <alaamubaied@gmail.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---

diff --git a/text-utils/colcrt.c b/text-utils/colcrt.c
index cf630c4043..3cf25cbbe7 100644
--- a/text-utils/colcrt.c
+++ b/text-utils/colcrt.c
@@ -201,6 +201,8 @@ void colcrt(FILE *f) {
 			/* fallthrough */
 		default:
 			w = wcwidth(c);
+			if (w < 0)
+				continue;
 			if (outcol + w > PAGE_ARRAY_COLS) {
 				outcol++;
 				continue;