From 4dbf2813d0b5bc31973a78bed75abfcaf8203353 Mon Sep 17 00:00:00 2001
From: Dave Davenport
Date: Wed, 27 Apr 2016 12:55:48 +0200
Subject: Issue #388, Try to make history parser more robust against corruption.
---
 source/history.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'source/history.c')
diff --git a/source/history.c b/source/history.c
index 094b9bcc..07baef32 100644
--- a/source/history.c
+++ b/source/history.c
@@ -90,18 +90,28 @@ static _element ** __history_get_element_list ( FILE *fd, unsigned int *length )
 while ( ( l = getline ( &buffer, &buffer_length, fd ) ) > 0 ) {
 char * start = NULL;
 // Skip empty lines.
- if ( strlen ( buffer ) == 0 ) {
+ if ( l <= 1 ) {
+ continue;
+ }
+
+ long int index = strtol ( buffer, &start, 10 );
+ if ( start == buffer || *start == '\0' ) {
+ continue;
+ }
+ start++;
+ if ( (l - (start-buffer)) < 3) {
 continue;
 }
 // Resize and check.
 retv = g_realloc ( retv, ( *length + 2 ) * sizeof ( _element* ) );
 retv[( *length )] = g_malloc ( sizeof ( _element ) );
+ // remove trailing \n
- buffer[strlen ( buffer ) - 1] = '\0';
+ buffer[l - 1] = '\0';
 // Parse the number of times.
- retv[( *length )]->index = strtol ( buffer, &start, 10 );
- retv[( *length )]->name = g_strndup ( start + 1, l - 1 - ( start + 1 - buffer ) );
+ retv[( *length )]->index = index;
+ retv[( *length )]->name = g_strndup ( start, l - 1 - ( start - buffer ) );
 // Force trailing '\0'
 retv[( *length ) + 1] = NULL;
-- cgit v1.2.3
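Review bot: The added `start++` steps over whatever byte follows the number without checking that it is the field separator, so a damaged line such as `12abc` (constructed example) is still accepted, with count 12 and name `bc`. If the on-disk format is `<count> <name>` with a single space, as the `start + 1` on the removed side suggests, the guard could be `if ( start == buffer || *start != ' ' ) {`, which also covers the `'\0'` case. The `strtol` result is also stored without an `errno == ERANGE` or sign check, so an overflowing or negative count from a corrupted file is kept as-is. `buffer[l - 1] = '\0'` still assumes every line ends in `\n`; a final line without one loses its last character. The body of `__history_get_element_list` starts and ends outside the hunk.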