Bugfix: check bounds before accessing memory

This fixes the following issue when having an error early in the config file:

==1562==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6220000180ff at pc 0x55c837edb1d3 bp 0x7ffee7534650 sp 0x7ffee7534648
READ of size 1 at 0x6220000180ff thread T0
    #0 0x55c837edb1d2 in start_of_line ../../i3/src/config_parser.c:238
    #1 0x55c837edc96f in parse_config ../../i3/src/config_parser.c:493
    #2 0x55c837edf527 in parse_file ../../i3/src/config_parser.c:1091
    #3 0x55c837ecf14b in parse_configuration ../../i3/src/config.c:65
    #4 0x55c837ed1ef4 in load_configuration ../../i3/src/config.c:230
    #5 0x55c837f0a8d0 in main ../../i3/src/main.c:539
    #6 0x7fb63ae042b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #7 0x55c837e95eb9 in _start (/home/michael/i3/build/i3+0x4beb9)

0x6220000180ff is located 1 bytes to the left of 5165-byte region [0x622000018100,0x62200001952d)
allocated by thread T0 here:
    #0 0x7fb63e590cf8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1cf8)
    #1 0x55c837f59aa6 in smalloc ../../i3/libi3/safewrappers.c:24
    #2 0x55c837edef45 in parse_file ../../i3/src/config_parser.c:1029
    #3 0x55c837ecf14b in parse_configuration ../../i3/src/config.c:65
    #4 0x55c837ed1ef4 in load_configuration ../../i3/src/config.c:230
    #5 0x55c837f0a8d0 in main ../../i3/src/main.c:539
    #6 0x7fb63ae042b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

diff --git a/src/config_parser.c b/src/config_parser.c
index e72923d6658905eee9521d7518fc896f66a923ae..c36847370d7f94d40b5df0cb0d0812b01657419f 100644 (file)
--- a/src/config_parser.c
+++ b/src/config_parser.c
@@ -235,7 +235,7 @@ static void next_state(const cmdp_token *token) {
  *
  */
 static const char *start_of_line(const char *walk, const char *beginning) {
-    while (*walk != '\n' && *walk != '\r' && walk >= beginning) {
+    while (walk >= beginning && *walk != '\n' && *walk != '\r') {
         walk--;
     }