From 3917c2589d9fd6fffeab3964a14fa3e4f7f94dfb Mon Sep 17 00:00:00 2001 From: Alibek Omarov Date: Wed, 15 May 2024 02:45:01 +0300 Subject: [PATCH] filesystem: fix buffer overflow in FS_Read when we pass single byte buffer to it with one character sitting in ungetc --- filesystem/filesystem.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/filesystem/filesystem.c b/filesystem/filesystem.c index 18d92839..efd7b1ec 100644 --- a/filesystem/filesystem.c +++ b/filesystem/filesystem.c @@ -2137,6 +2137,10 @@ fs_offset_t FS_Read( file_t *file, void *buffer, size_t buffersize ) buffersize--; file->ungetc = EOF; done = 1; + + // we had one byte in the buffer, it was ungetc'ed, so exit + if( buffersize == 0 ) + return 1; } else done = 0;