LibCore: Fix segfault in CArgsParser (#1072)

CArgsParser::parse_next_param did not properly ensure that, when a param required a following argument, there were enough parameters left to complete the parse. This meant that params_left could become negative, avoiding parse_next_param's termination condition, and cause a segfault when reading from argv with an out of bounds index. This fixes the check to ensure that we do in fact have the right amount of parameters and also adds an assertion to ensure that params_left does not become negative.
Author: https://github.com/DrewStratford Commit: https://github.com/SerenityOS/serenity/commit/2a8de4cdec3 Pull-request: https://github.com/SerenityOS/serenity/pull/1072
2025-04-21 12:05:15 +00:00 · 2020-01-14 02:52:25 +13:00 · 2020-01-14 02:52:25 +13:00 · 2a8de4cdec · 2024-07-19 10:04:26 +09:00
commit 2a8de4cdec
parent ad5ee27ea9
1 changed files with 2 additions and 1 deletions
--- a/Libraries/LibCore/CArgsParser.cpp
+++ b/Libraries/LibCore/CArgsParser.cpp
@ -59,6 +59,7 @@ CArgsParserResult CArgsParser::parse(int argc, char** argv)

 int CArgsParser::parse_next_param(int index, char** argv, const int params_left, CArgsParserResult& res)
 {
+    ASSERT(params_left >= 0);
    if (params_left == 0)
        return 0;

@ -80,7 +81,7 @@ int CArgsParser::parse_next_param(int index, char** argv, const int params_left,

        // If this parameter must be followed by a value, we look for it
        if (!arg->value.value_name.is_null()) {
-            if (params_left < 1) {
+            if (params_left < 2) {
                printf("Missing value for argument %s\n", arg->value.name.characters());
                return -1;
            }