From 2a8de4cdec3775b0acf874baca4a0237837c7333 Mon Sep 17 00:00:00 2001
From: DrewStratford
Date: Tue, 14 Jan 2020 02:52:25 +1300
Subject: [PATCH] LibCore: Fix segfault in CArgsParser (#1072)

CArgsParser::parse_next_param did not properly ensure that, when a param required a following argument, there were enough parameters left to complete the parse. This meant that params_left could become negative, avoiding parse_next_param's termination condition, and cause a segfault when reading from argv with an out of bounds index. This fixes the check to ensure that we do in fact have the right amount of parameters and also adds an assertion to ensure that params_left does not become negative.
---
 Libraries/LibCore/CArgsParser.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Libraries/LibCore/CArgsParser.cpp b/Libraries/LibCore/CArgsParser.cpp
index bf7f8ed1b1..97bd963959 100644
--- a/Libraries/LibCore/CArgsParser.cpp
+++ b/Libraries/LibCore/CArgsParser.cpp
@@ -59,6 +59,7 @@ CArgsParserResult CArgsParser::parse(int argc, char** argv)
 int CArgsParser::parse_next_param(int index, char** argv, const int params_left, CArgsParserResult& res)
 {
+ ASSERT(params_left >= 0);
 if (params_left == 0)
 return 0;
@@ -80,7 +81,7 @@ int CArgsParser::parse_next_param(int index, char** argv, const int params_left,
 // If this parameter must be followed by a value, we look for it
 if (!arg->value.value_name.is_null()) {
- if (params_left < 1) {
+ if (params_left < 2) {
 printf("Missing value for argument %s\n", arg->value.name.characters());
 return -1;
 }
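Review bot: The new `ASSERT(params_left >= 0);` at the top of parse_next_param is the only thing that keeps a negative count from slipping past the `params_left == 0` termination test, and it gives no protection in any build where ASSERT is compiled out (whether such a configuration exists is not visible here). Because this count bounds the later reads from argv, the termination test itself could fail safe: keep the assertion and change the guard to `if (params_left <= 0)`. A one-line comment such as `// params_left must never go negative; it bounds the argv reads below.` would record why the assertion is there. The function body continues outside this hunk.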
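Review bot: The bare `2` in `if (params_left < 2)` needs a comment, because the reasoning lives only in the commit message: apparently the flag being parsed still counts against params_left, so the flag and its value must both remain, e.g. `// The flag itself and its value both count against params_left.` The read of the value from argv lies outside this hunk, so it is worth confirming that it touches only the one extra slot this test guarantees. The diffstat shows a single file changed and no test; a regression case that ends the command line with a value-taking flag and no value would pin the fix.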