From d15d17d4231f87f1571fa6d585377206f360f667 Mon Sep 17 00:00:00 2001
From: Nicolò Mazzucato
Date: Wed, 22 Apr 2020 21:01:53 +0100
Subject: 12786 fix CTF pointer overrun
Reviewed by: Toomas Soome
Reviewed by: Robert Mustacchi
Approved by: Dan McDonald
---
 usr/src/common/ctf/ctf_lookup.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'usr/src')
diff --git a/usr/src/common/ctf/ctf_lookup.c b/usr/src/common/ctf/ctf_lookup.c
index 05aa54d6cb..b45b7ad793 100644
--- a/usr/src/common/ctf/ctf_lookup.c
+++ b/usr/src/common/ctf/ctf_lookup.c
@@ -133,7 +133,8 @@ ctf_lookup_by_name(ctf_file_t *fp, const char *name)
 for (lp = fp->ctf_lookups; lp->ctl_prefix != NULL; lp++) {
 if (lp->ctl_prefix[0] == '\0' ||
- strncmp(p, lp->ctl_prefix, (size_t)(q - p)) == 0) {
+ ((size_t)(q - p) >= lp->ctl_len && strncmp(p,
+ lp->ctl_prefix, (size_t)(q - p)) == 0)) {
 for (p += lp->ctl_len; isspace(*p); p++)
 continue; /* skip prefix and next ws */
-- 
cgit v1.2.3
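Review bot: The added length guard `(size_t)(q - p) >= lp->ctl_len` carries no comment, and what it protects is not evident from the condition alone: a token shorter than the prefix would otherwise pass the `strncmp` over `q - p` bytes, and the `p += lp->ctl_len` on the following `for` line would then move `p` beyond `q`. I would put a one-line comment above the `if`, for example `/* the token must be at least ctl_len long, or the skip below runs past q */`. If `ctl_len` is the length of `ctl_prefix` and `q` stays inside the string (both are set outside this hunk), a longer token can never match either, because the comparison reaches the prefix's terminating NUL and fails there, so `(size_t)(q - p) == lp->ctl_len` would state the intent more directly. The body of `ctf_lookup_by_name` starts and ends outside the hunk.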