From 17a92f3995976b5d7618d1a2442e0028c1b192de Mon Sep 17 00:00:00 2001 From: cinap_lenrek Date: Fri, 28 Feb 2020 16:48:42 +0100 Subject: [PATCH] devproc: make sure writewatchpt() doesnt overflow the watchpoint array the user buffer could be changed while we parse it resulting in a different number of watchpoints than initially calculated. so add a check to the parse loop so we wont overflow the watchpoint array. --- sys/src/9/port/devproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/src/9/port/devproc.c b/sys/src/9/port/devproc.c index b2509ddcb..4692eafda 100644 --- a/sys/src/9/port/devproc.c +++ b/sys/src/9/port/devproc.c @@ -812,7 +812,7 @@ writewatchpt(Proc *pr, char *buf, int nbuf, uvlong offset) } if(nwp0 > 0) memmove(wp, pr->watchpt, sizeof(Watchpt) * nwp0); - for(wq = wp + nwp0;;){ + for(wq = wp + nwp0; wq < wp + nwp0+nwp;){ q = memchr(p, '\n', e - p); if(q == nil) break;