authorKurt Schwehr <schwehr@google.com>2018-06-15 12:33:10 -0700
committerKurt Schwehr <schwehr@google.com>2018-06-15 12:33:10 -0700
commitd35a698b3545b3bd4abc157c5f617916111fc4bc (patch)
tree42cbf320ba3a8373da4f59a6f350e410378a40bd /src
parent5b683520628a35f8f39633a9458dd56561eb3810 (diff)
Do not scan past the end of the read data in pj_ctx_fgets
use-of-uninitialized-value in third_party/proj4/proj/src/pj_fileapi.c:pj_ctx_fgets. Found with autofuzz msan.
Diffstat (limited to 'src')
-rw-r--r--src/pj_fileapi.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/pj_fileapi.c b/src/pj_fileapi.c
index d8a447d6..eba96afd 100644
--- a/src/pj_fileapi.c
+++ b/src/pj_fileapi.c
@@ -188,6 +188,7 @@ char *pj_ctx_fgets(projCtx ctx, char *line, int size, PAFile file)
long start = pj_ctx_ftell(ctx, file);
size_t bytes_read;
int i;
+ int max_size;
line[size-1] = '\0';
bytes_read = pj_ctx_fread(ctx, line, 1, size-1, file);
@@ -198,7 +199,8 @@ char *pj_ctx_fgets(projCtx ctx, char *line, int size, PAFile file)
line[bytes_read] = '\0';
}
- for( i = 0; i < size-2; i++)
+ max_size = (int)MIN(bytes_read, (size_t)(size > 2 ? size - 2 : 0));
+ for( i = 0; i < max_size; i++)
{
if (line[i] == '\n')
{
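Review bot: The new clamp `size > 2 ? size - 2 : 0` protects only the loop bound against a small `size`; the context lines of the first hunk still run `line[size-1] = '\0'` and pass `size-1` as the count to `pj_ctx_fread` before `size` is checked at all. With `size <= 0` that store lands before the start of `line`, and the count presumably converts to a very large unsigned value (the `pj_ctx_fread` prototype is not visible here). If any caller can pass such a value, an early `if (size < 1) return NULL;` ahead of the `line[size-1]` store would close the gap. A short comment above the `max_size` assignment, such as `/* scan only the bytes actually read; the rest of line is uninitialized */`, would record why the bound is tied to `bytes_read`. The body of pj_ctx_fgets starts and ends outside these hunks, so what callers guarantee about `size` cannot be confirmed from this page.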