diff options
author | Peter Stephenson <p.w.stephenson@ntlworld.com> | 2023-05-13 21:49:07 +0100 |
---|---|---|
committer | Peter Stephenson <p.w.stephenson@ntlworld.com> | 2023-05-13 21:49:07 +0100 |
commit | a95198e268ec1d432c37afc8dc4f8839acc0c8d0 (patch) | |
tree | 6e2a7fe63abb80700a46955cb5425de7c9c8ba94 | |
parent | b4d1c756f50909b4a13e5c8fe5f26f71e9d54f63 (diff) | |
download | zsh-a95198e268ec1d432c37afc8dc4f8839acc0c8d0.tar.gz zsh-a95198e268ec1d432c37afc8dc4f8839acc0c8d0.tar.xz zsh-a95198e268ec1d432c37afc8dc4f8839acc0c8d0.zip |
51722: Safety for extracting elements of $historywords
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | Src/Modules/parameter.c | 11 |
2 files changed, 14 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog index 18bc4a698..85fc1de96 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2023-05-13 Peter Stephenson <p.w.stephenson@ntlworld.com> + + * 51722: Src/Modules/parameter.c: Add safety to extracting + elements of $historywords. + 2023-05-13 Oliver Kiddle <opk@zsh.org> * 51738: Doc/Zsh/mod_pcre.yo, Src/Modules/pcre.c, diff --git a/Src/Modules/parameter.c b/Src/Modules/parameter.c index 96a211c69..a05ea2fe4 100644 --- a/Src/Modules/parameter.c +++ b/Src/Modules/parameter.c @@ -1233,9 +1233,16 @@ histwgetfn(UNUSED(Param pm)) pushnode(l, getdata(n)); while (he) { + char *hstr = he->node.nam; + int len = strlen(hstr); for (iw = he->nwords - 1; iw >= 0; iw--) { - h = he->node.nam + he->words[iw * 2]; - e = he->node.nam + he->words[iw * 2 + 1]; + int wbegin = he->words[iw * 2]; + int wend = he->words[iw * 2 + 1]; + + if (wbegin < 0 || wbegin >= len || wend < 0 || wend > len) + break; + h = hstr + wbegin; + e = hstr + wend; sav = *e; *e = '\0'; addlinknode(l, dupstring(h)); |