From c026b0e4b153d948d0d25856a94498d7946ccfbf Mon Sep 17 00:00:00 2001
From: "Martin T. H. Sandsmark"
Date: Sat, 11 Jun 2016 18:27:32 +0200
Subject: [PATCH] Fix potential out of bounds read.
The check was only done when not memory mapped, so there was a potential out of bounds read. In addition the check only printed an error, and didn't return and went ahead with the erronous read. The 'loc' variable is indirectly read from the file, so in case the history file is corrupted this could potentially lead to a crash. Found by Coverity.
REVIEW: 128153
---
 src/History.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/History.cpp b/src/History.cpp
index d00b95af..fbde8a26 100644
--- a/src/History.cpp
+++ b/src/History.cpp
@@ -158,14 +158,17 @@ void HistoryFile::get(unsigned char* buffer, int size, int loc)
     if (!_fileMap && _readWriteBalance < MAP_THRESHOLD)
         map();
+    if (loc < 0 || size < 0 || loc + size > _length) {
+        fprintf(stderr, "getHist(...,%d,%d): invalid args.\n", size, loc);
+        return;
+    }
+
     if (_fileMap) {
         for (int i = 0; i < size; i++)
             buffer[i] = _fileMap[loc + i];
     } else {
         int rc = 0;
-        if (loc < 0 || size < 0 || loc + size > _length)
-            fprintf(stderr, "getHist(...,%d,%d): invalid args.\n", size, loc);
         rc = QT_LSEEK(_fd, loc, SEEK_SET);
         if (rc < 0) {
             perror("HistoryFile::get.seek");
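Review bot: The hoisted guard `loc + size > _length` can itself overflow: `loc` and `size` are `int` (see the signature in the hunk header) and the commit message says `loc` is derived from the history file, so a large corrupted `loc` plus a large `size` wraps negative (signed overflow, undefined behaviour) and slips past the very check this commit adds, after which `_fileMap[loc + i]` is indexed out of bounds. Ordering the sign and range checks so the subtraction cannot underflow removes the overflow without changing the accepted inputs: `if (loc < 0 || size < 0 || loc > _length || size > _length - loc) {` — assuming `_length` is an integer type comparable with `loc`, which the hunk does not show. The early `return` also leaves `buffer` untouched, so a caller that still consumes `size` bytes reads uninitialised memory; zeroing it before returning (`memset(buffer, 0, size);`) or signalling the failure to the caller would close that gap, though whether callers check anything cannot be seen here. `HistoryFile::get` opens before the hunk and its body continues past it.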