Fix buffer overrun in guestfish command-line parsing.
authorRichard W.M. Jones <rjones@redhat.com>
Thu, 23 Apr 2009 13:47:06 +0000 (14:47 +0100)
committerRichard W.M. Jones <rjones@redhat.com>
Thu, 23 Apr 2009 13:47:06 +0000 (14:47 +0100)
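--- a/fish/fish.c
+++ b/fish/fish.c
@@ -366,7 +366,7 @@ script (int prompt)
          goto next_command;
        }
        p[len] = '\0';
-       pend = &p[len+2];
+       pend = p[len+1] ? &p[len+2] : &p[len+1];
       } else if (*p == '\'') {
        p++;
        len = strcspn (p, "'");
@@ -381,7 +381,7 @@ script (int prompt)
          goto next_command;
        }
        p[len] = '\0';
-       pend = &p[len+2];
+       pend = p[len+1] ? &p[len+2] : &p[len+1];
        /*
       } else if (*p == '[') {
        int c = 1;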
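Review bot: In both quoted-argument branches (the `"` case near new line 369 and the `'` case near 384), the new expression stops `pend` at the terminating NUL, but when `p[len+1]` is non-zero that byte is still skipped without being inspected. Input such as `"foo"bar` would therefore lose the `b` silently. Consider rejecting a non-whitespace byte after the closing quote through the same error path the unterminated-quote case uses. Because the expression is now duplicated, a comment on each copy would help, for example `/* skip closing quote plus one separator, but never step past the NUL */`. The body of `script` and the `[` branch that begins at the end of the second hunk lie outside the visible lines, so check whether that branch computes `pend` the same way and needs the same guard.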