From 5b6d3797eae3bac824cf72c0c8f64f51e3d4eaef Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Mon, 1 Jul 2013 18:57:12 +0200
Subject: Don't crash if an option's argument is missing

Avoid dereferencing argv[argc].

See http://www.forallsecure.com/bug-reports/011f1a55f79a5501b36008d6ee0d40e8b6644569/

Reported-by: Alexandre Rebert <alexandre@cmu.edu>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
 main.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'main.c')

diff --git a/main.c b/main.c
index e42b0cf..e73cd8d 100644
--- a/main.c
+++ b/main.c
@@ -242,6 +242,8 @@ main(int argc, char *argv[])
 			break;
 		case 'D':
 			if (argv[0][2] == '\0') {
+				if (argc < 2)
+					fatalerr("Missing argument for -D\n");
 				argv++;
 				argc--;
 			}
@@ -257,6 +259,8 @@ main(int argc, char *argv[])
 			    fatalerr("Too many -I flags.\n");
 			*incp++ = argv[0]+2;
 			if (**(incp-1) == '\0') {
+				if (argc < 2)
+					fatalerr("Missing argument for -I\n");
 				*(incp-1) = *(++argv);
 				argc--;
 			}
@@ -270,6 +274,8 @@ main(int argc, char *argv[])
 			    undeflist = realloc(undeflist,
 						numundefs * sizeof(char *));
 			if (argv[0][2] == '\0') {
+				if (argc < 2)
+					fatalerr("Missing argument for -U\n");
 				argv++;
 				argc--;
 			}
@@ -286,6 +292,8 @@ main(int argc, char *argv[])
 		case 'w':
 			if (endmarker) break;
 			if (argv[0][2] == '\0') {
+				if (argc < 2)
+					fatalerr("Missing argument for -w\n");
 				argv++;
 				argc--;
 				width = atoi(argv[0]);
@@ -295,6 +303,8 @@ main(int argc, char *argv[])
 		case 'o':
 			if (endmarker) break;
 			if (argv[0][2] == '\0') {
+				if (argc < 2)
+					fatalerr("Missing argument for -o\n");
 				argv++;
 				argc--;
 				objsuffix = argv[0];
@@ -304,6 +314,8 @@ main(int argc, char *argv[])
 		case 'p':
 			if (endmarker) break;
 			if (argv[0][2] == '\0') {
+				if (argc < 2)
+					fatalerr("Missing argument for -p\n");
 				argv++;
 				argc--;
 				objprefix = argv[0];
@@ -322,6 +334,8 @@ main(int argc, char *argv[])
 			if (endmarker) break;
 			startat = argv[0]+2;
 			if (*startat == '\0') {
+				if (argc < 2)
+					fatalerr("Missing argument for -s\n");
 				startat = *(++argv);
 				argc--;
 			}
@@ -333,6 +347,8 @@ main(int argc, char *argv[])
 			if (endmarker) break;
 			makefile = argv[0]+2;
 			if (*makefile == '\0') {
+				if (argc < 2)
+					fatalerr("Missing argument for -f\n");
 				makefile = *(++argv);
 				argc--;
 			}
-- 
cgit v1.2.3