Skip to content

Commit

Permalink
Fix out of bounds read
Browse files Browse the repository at this point in the history
  • Loading branch information
ddeclerck committed Dec 20, 2024
1 parent 6d3e4fb commit 2cffeca
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 19 deletions.
46 changes: 27 additions & 19 deletions libcob/move.c
Original file line number Diff line number Diff line change
Expand Up @@ -1114,7 +1114,7 @@ optimized_move_display_to_edited (cob_field *f1, cob_field *f2)
continue;
}
for (n = p->times_repeated; n > 0; n--) {
unsigned int src_num = COB_D2I (*src);
unsigned int src_num;
#ifndef NDEBUG
if (dst >= dst_end) {
cob_runtime_error ("optimized_move_display_to_edited: overflow in destination field");
Expand All @@ -1125,6 +1125,7 @@ optimized_move_display_to_edited (cob_field *f1, cob_field *f2)

case '9':
suppress_zero = 0;
src_num = COB_D2I (*src);
*dst = COB_I2D (src_num);
if (src_num != 0) {
is_zero = 0;
Expand All @@ -1134,6 +1135,7 @@ optimized_move_display_to_edited (cob_field *f1, cob_field *f2)
break;

case 'Z':
src_num = COB_D2I (*src);
*dst = COB_I2D (src_num);
pad = ' ';
if (src_num != 0) {
Expand All @@ -1148,6 +1150,7 @@ optimized_move_display_to_edited (cob_field *f1, cob_field *f2)
break;

case '*':
src_num = COB_D2I (*src);
*dst = COB_I2D (src_num);
have_check_protect = 1;
if (src_num != 0) {
Expand All @@ -1174,25 +1177,27 @@ optimized_move_display_to_edited (cob_field *f1, cob_field *f2)
sign_position = dst;
dst++;
break;
} else if (src_num == 0 && suppress_zero && !have_decimal_point) {
*prev_float_char = ' ';
prev_float_char = dst;
sign_position = dst;
*dst = c;
dst++;
src++;
break;
} else {
*dst = COB_I2D (src_num);
if (src_num != 0) {
is_zero = 0;
suppress_zero = 0;
src_num = COB_D2I (*src);
if (src_num == 0 && suppress_zero && !have_decimal_point) {
*prev_float_char = ' ';
prev_float_char = dst;
sign_position = dst;
*dst = c;
dst++;
src++;
break;
} else {
*dst = COB_I2D (src_num);
if (src_num != 0) {
is_zero = 0;
suppress_zero = 0;
}
dst++;
src++;
break;
}
dst++;
src++;
break;
}

case '.':
case ',':
if (c == dec_symbol) {
Expand Down Expand Up @@ -1288,14 +1293,16 @@ optimized_move_display_to_edited (cob_field *f1, cob_field *f2)
prev_float_char = dst;
dst++;
break;
} else if ((src_num == 0) && (suppress_zero) && (!have_decimal_point)) {
} else {
src_num = COB_D2I (*src);
if ((src_num == 0) && (suppress_zero) && (!have_decimal_point)) {
*prev_float_char = ' ';
prev_float_char = dst;
*dst = c;
dst++;
src++;
break;
} else {
} else {
*dst = COB_I2D (src_num);
if (src_num != 0) {
is_zero = 0;
Expand All @@ -1304,6 +1311,7 @@ optimized_move_display_to_edited (cob_field *f1, cob_field *f2)
dst++;
src++;
break;
}
}
}
}
Expand Down
20 changes: 20 additions & 0 deletions tests/testsuite.src/run_misc.at
Original file line number Diff line number Diff line change
Expand Up @@ -15132,3 +15132,23 @@ AT_CHECK([COB_PROF_ENABLE=1 COB_PROF_FILE=prof.csv $COBCRUN_DIRECT ./caller], [0
])

AT_CLEANUP


AT_SETUP([MOVE to NUMERIC-EDITED safety])

AT_DATA([prog.cob], [
IDENTIFICATION DIVISION.
PROGRAM-ID. prog.
DATA DIVISION.
WORKING-STORAGE SECTION.
01 X PIC 9(5) VALUE 0.
01 Y PIC 9(5)CR.
PROCEDURE DIVISION.
MOVE X TO Y.
STOP RUN.
])

AT_CHECK([$COMPILE prog.cob])
AT_CHECK([$COBCRUN_DIRECT ./prog], [0], [], [])

AT_CLEANUP

0 comments on commit 2cffeca

Please sign in to comment.