-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | Src/builtin.c | 10 |
2 files changed, 7 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 2cc699b67..0ced3c876 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2018-04-07 Oliver Kiddle <okiddle@yahoo.co.uk>
+ * 42601: Src/builtin.c: tidy up code for set -A/+A to not
+ increment a NULL pointer and to be more efficient
+ * 42607, CVE-2018-1100: Src/utils.c: check bounds on buffer in mail checking
diff --git a/Src/builtin.c b/Src/builtin.c
index fb59738f3..73cfe7ad1 100644
--- a/Src/builtin.c
+++ b/Src/builtin.c
@@ -695,13 +695,11 @@ bin_set(char *nam, char **args, UNUSED(Options ops), UNUSED(int func))
 char **a = NULL, **y;
 int len = arrlen(args);
- if (array < 0 && (a = getaparam(arrayname))) {
- int al = arrlen(a);
-
- if (al > len)
- len = al;
+ if (array < 0 && (a = getaparam(arrayname)) && arrlen_gt(a, len)) {
+ a += len;
+ len += arrlen(a);
 }
- for (x = y = zalloc((len + 1) * sizeof(char *)); len--; a++) {
+ for (x = y = zalloc((len + 1) * sizeof(char *)); len--;) {
 if (!*args) args = a;
 *y++ = ztrdup(*args++); |
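Review bot: The copy loop's `if (!*args) args = a;` in Src/builtin.c is safe only because of an invariant that nothing in the hunk states. `a` is read only after the `+A` branch has advanced it past the first `len` elements and grown `len` by the remaining tail; in every other case `len` stays equal to `arrlen(args)`, so the loop ends before `*args` is NULL and `a` (possibly NULL) is never touched. Since this commit exists to stop a NULL pointer being incremented, I would record that above the `if (array < 0 ...)` line, e.g. `/* +A: keep the tail of the old array beyond what args overwrites; otherwise a is never dereferenced */`. This reading assumes `arrlen_gt(a, len)` is true only when `a` holds more than `len` elements; that helper is defined outside the hunk and is worth confirming. The enclosing block of bin_set also begins and ends outside the hunk.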