return;
ofs += strlen(p);
+ pctx->buf_filled = ofs;
if (pctx->buf[ofs - 1] == '\n') {
pctx->line++;
return;
*pos_src += 1;
}
+static int uci_increase_pos(struct uci_parse_context *pctx, size_t add)
+{
+ if (pctx->pos + add > pctx->buf_filled)
+ return -EINVAL;
+
+ pctx->pos += add;
+ return 0;
+}
+
/*
* parse a double quoted string argument from the command line
*/
char *name;
/* command string null-terminated by strtok */
- pctx->pos += strlen(pctx_cur_str(pctx)) + 1;
+ if (uci_increase_pos(pctx, strlen(pctx_cur_str(pctx)) + 1))
+ uci_parse_error(ctx, "package without name");
ofs_name = next_arg(ctx, true, true, true);
assert_eol(ctx);
}
/* command string null-terminated by strtok */
- pctx->pos += strlen(pctx_cur_str(pctx)) + 1;
+ if (uci_increase_pos(pctx, strlen(pctx_cur_str(pctx)) + 1))
+ uci_parse_error(ctx, "config without name");
ofs_type = next_arg(ctx, true, false, false);
type = pctx_str(pctx, ofs_type);
uci_parse_error(ctx, "option/list command found before the first section");
/* command string null-terminated by strtok */
- pctx->pos += strlen(pctx_cur_str(pctx)) + 1;
+ if (uci_increase_pos(pctx, strlen(pctx_cur_str(pctx)) + 1))
+ uci_parse_error(ctx, "option without name");
ofs_name = next_arg(ctx, true, true, false);
ofs_value = next_arg(ctx, false, false, false);
$ for file in $(LC_ALL=C find $FUZZ_CORPUS -type f | sort ); do
> uci-san import -f $file; \
> done
+ uci-san: Parse error (package without name) at line 0, byte 68
uci-san: I/O error
uci-san: Parse error (invalid command) at line 0, byte 0
uci-san: Parse error (invalid command) at line 1, byte 18
$ for file in $(LC_ALL=C find $FUZZ_CORPUS -type f | sort ); do
> valgrind --quiet --leak-check=full uci import -f $file; \
> done
+ uci: Parse error (package without name) at line 0, byte 68
uci: I/O error
uci: Parse error (invalid command) at line 0, byte 0
uci: Parse error (invalid command) at line 1, byte 18