diff options
author | Jonas Fonseca <jonas.fonseca@gmail.com> | 2017-07-03 20:59:25 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-03 20:59:25 -0400 |
commit | 077f9dbe5b286dd17c0017e0c825605cce1d3f62 (patch) | |
tree | 9540d21b2df9cb52c2f6d882c0a9068483b729c3 | |
parent | 44df9f98636f15bd82e2b966b985cab868304527 (diff) | |
parent | e5c749e7a97fd0a3ce9300fd34175d4c02682b0f (diff) |
Merge pull request #634 from rolandwalker/quoted-argv-corruption
don't read past end-of-string in quoted case of concat_argv
-rw-r--r-- | src/argv.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -25,9 +25,8 @@ concat_argv(const char *argv[], char *buf, size_t buflen, const char *sep, bool for (bufpos = 0, argc = 0; argv[argc]; argc++) { const char *arg_sep = argc ? sep : ""; const char *arg = argv[argc]; - int pos; - if (quoted && arg[(pos = strcspn(arg, " \t\""))]) { + if (quoted && arg[strcspn(arg, " \t\"")]) { if (!string_nformat(buf, buflen, &bufpos, "%s\"", arg_sep)) return false; @@ -37,7 +36,10 @@ concat_argv(const char *argv[], char *buf, size_t buflen, const char *sep, bool if (!string_nformat(buf, buflen, &bufpos, "%.*s%s", pos, arg, qesc)) return false; - arg += pos + 1; + if (!arg[pos]) + break; + else + arg += pos + 1; } if (!string_nformat(buf, buflen, &bufpos, "\"")) |