From c255f8b492ea8309b7f554aa2814545efa67fa58 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 30 Dec 2006 19:21:48 +0000
Subject: prevent accessing memory that we dont own

---
 scripts/basic/fixdep.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c
index df3446e35..2fa78ee6a 100644
--- a/scripts/basic/fixdep.c
+++ b/scripts/basic/fixdep.c
@@ -231,10 +231,10 @@ void parse_config_file(char *map, size_t len)
 	int off;
 
 	for (; p < end; p++) {
-		if (!memcmp(p, "CONFIG_", 7)) goto conf7;
-		if (!memcmp(p, "ENABLE_", 7)) goto conf7;
-		if (!memcmp(p, "USE_", 4)) goto conf4;
-		if (!memcmp(p, "SKIP_", 5)) goto conf5;
+		if (p<end-7 && !memcmp(p, "CONFIG_", 7)) goto conf7;
+		if (p<end-7 && !memcmp(p, "ENABLE_", 7)) goto conf7;
+		if (p<end-4 && !memcmp(p, "USE_", 4)) goto conf4;
+		if (p<end-5 && !memcmp(p, "SKIP_", 5)) goto conf5;
 		continue;
 	conf4:	off = 4; goto conf;
 	conf5:	off = 5; goto conf;
@@ -303,7 +303,7 @@ void parse_dep_file(void *map, size_t len)
 	char *p;
 	char s[PATH_MAX];
 
-	p = strchr(m, ':');
+	p = memchr(m, ':', len);
 	if (!p) {
 		fprintf(stderr, "fixdep: parse error\n");
 		exit(1);
-- 
cgit v1.2.3-55-g6feb