dc: Parse error & fix out of bounds read in xc_program_printString

function old new delta xc_program_print 712 735 +23 Signed-off-by: Brian Foley <bpfoley@google.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Brian Foley <bpfoley@google.com> 2019-09-05 10:53:21 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2019-09-05 10:53:21 +0200
commit: 10509a70ee5c28800d23bf891b4f72603447e364 (patch)
tree: a6a44ba6e4f4cc71257a6894494c62f827f0d7ce /miscutils
parent: b64470be177314e8473fae6c32cab51cacb89fa7 (diff)
download: busybox-10509a70ee5c28800d23bf891b4f72603447e364.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/miscutils/bc.c b/miscutils/bc.c
index 016300ac1..e492f0f50 100644
--- a/miscutils/bc.c
+++ b/miscutils/bc.c
@@ -5456,11 +5456,13 @@ static void xc_program_printString(const char *str)
 			char *n;
 
 			c = *str++;
-			n = strchr(esc, c); // note: c can be NUL
-			if (!n) {
+			n = strchr(esc, c); // note: if c is NUL, n = \0 at end of esc
+			if (!n || !c) {
 				// Just print the backslash and following character
 				bb_putchar('\\');
 				++G.prog.nchars;
+				// But if we're at the end of the string, stop
+				if (!c) break;
 			} else {
 				if (n - esc == 0) // "\n" ?
 					G.prog.nchars = SIZE_MAX;
author	Brian Foley <bpfoley@google.com>	2019-09-05 10:53:21 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2019-09-05 10:53:21 +0200
commit	10509a70ee5c28800d23bf891b4f72603447e364 (patch)
tree	a6a44ba6e4f4cc71257a6894494c62f827f0d7ce /miscutils
parent	b64470be177314e8473fae6c32cab51cacb89fa7 (diff)
download	busybox-10509a70ee5c28800d23bf891b4f72603447e364.tar.gz