com_stats_andify: bounds check 'p_howmany'

author: Markus Uhlin <markus@nifty-networks.net> 2026-04-04 02:15:13 +0200
committer: Markus Uhlin <markus@nifty-networks.net> 2026-04-04 02:15:13 +0200
commit: 06e795a034dc3ef9ba0980b868686b5b3e15509f (patch)
tree: 73bae039050cb19769f45163338090e1efce0d71 /FICS/comproc.c
parent: f6facff5ee0fc4153e7bd7fcfea93289d51b9e37 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/FICS/comproc.c b/FICS/comproc.c
index 1cea82b..b11f564 100644
--- a/FICS/comproc.c
+++ b/FICS/comproc.c
@@ -89,6 +89,9 @@
 #include <bsd/string.h>
 #endif
 
+#define NUMBERS_SIZE \
+	(MAX_OBSERVE > MAX_SIMUL ? MAX_OBSERVE : MAX_SIMUL)
+
 #define WHO_OPEN         0x01
 #define WHO_CLOSED       0x02
 #define WHO_RATED        0x04
@@ -392,6 +395,11 @@ com_stats_andify(int *numbers, int p_howmany, char *dest, size_t dsize)
 
 	*dest = '\0';
 
+	if (p_howmany < 0 || p_howmany >= NUMBERS_SIZE) {
+		warnx("%s: integer out of bounds", __func__);
+		return;
+	}
+
 	while (p_howmany--) {
 		snprintf(tmp, sizeof tmp, "%d", numbers[p_howmany]);
 		strlcat(dest, tmp, dsize);
@@ -447,8 +455,6 @@ com_stats_rating(char *hdr, statistics *stats, char *dest, const size_t dsize)
 PUBLIC int
 com_stats(int p, param_list param)
 {
-#define NUMBERS_SIZE \
-	(MAX_OBSERVE > MAX_SIMUL ? MAX_OBSERVE : MAX_SIMUL)
 	char		 line[255] = { '\0' };
 	char		 tmp[255] = { '\0' };
 	int		 g, i, t;
author	Markus Uhlin <markus@nifty-networks.net>	2026-04-04 02:15:13 +0200
committer	Markus Uhlin <markus@nifty-networks.net>	2026-04-04 02:15:13 +0200
commit	06e795a034dc3ef9ba0980b868686b5b3e15509f (patch)
tree	73bae039050cb19769f45163338090e1efce0d71 /FICS/comproc.c
parent	f6facff5ee0fc4153e7bd7fcfea93289d51b9e37 (diff)