authorMarkus Uhlin <markus@nifty-networks.net>2026-04-04 02:15:13 +0200
committerMarkus Uhlin <markus@nifty-networks.net>2026-04-04 02:15:13 +0200
commit06e795a034dc3ef9ba0980b868686b5b3e15509f (patch)
tree73bae039050cb19769f45163338090e1efce0d71
parentf6facff5ee0fc4153e7bd7fcfea93289d51b9e37 (diff)
com_stats_andify: bounds check 'p_howmany'
-rw-r--r--FICS/comproc.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/FICS/comproc.c b/FICS/comproc.c
index 1cea82b..b11f564 100644
--- a/FICS/comproc.c
+++ b/FICS/comproc.c
@@ -89,6 +89,9 @@
#include <bsd/string.h>
#endif
+#define NUMBERS_SIZE \
+ (MAX_OBSERVE > MAX_SIMUL ? MAX_OBSERVE : MAX_SIMUL)
+
#define WHO_OPEN 0x01
#define WHO_CLOSED 0x02
#define WHO_RATED 0x04
@@ -392,6 +395,11 @@ com_stats_andify(int *numbers, int p_howmany, char *dest, size_t dsize)
*dest = '\0';
+ if (p_howmany < 0 || p_howmany >= NUMBERS_SIZE) {
+ warnx("%s: integer out of bounds", __func__);
+ return;
+ }
+
while (p_howmany--) {
snprintf(tmp, sizeof tmp, "%d", numbers[p_howmany]);
strlcat(dest, tmp, dsize);
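Review bot: The upper bound in the added guard, `p_howmany >= NUMBERS_SIZE`, also rejects a count equal to NUMBERS_SIZE, although the loop below only reads indexes `p_howmany - 1` down to 0. If the caller's array holds NUMBERS_SIZE elements (its declaration is outside the hunk, so this is inferred), a completely full list would be dropped with only a warnx and an empty `dest`; `if (p_howmany < 0 || p_howmany > NUMBERS_SIZE) {` would keep the out-of-bounds protection without that. The guard also ties the function to one caller's buffer size through a macro rather than a parameter, so a comment such as `/* numbers[] must hold at least p_howmany entries; callers pass arrays of NUMBERS_SIZE */` would record the contract. com_stats_andify's body begins and ends outside this hunk.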
@@ -447,8 +455,6 @@ com_stats_rating(char *hdr, statistics *stats, char *dest, const size_t dsize)
PUBLIC int
com_stats(int p, param_list param)
{
-#define NUMBERS_SIZE \
- (MAX_OBSERVE > MAX_SIMUL ? MAX_OBSERVE : MAX_SIMUL)
char line[255] = { '\0' };
char tmp[255] = { '\0' };
int g, i, t;