From cddcd6612b66cb3963920b5f2734850a217d7020 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@cl.no>
Date: Mon, 29 Feb 2016 01:50:14 +0100
Subject: validate: Fix buffer over-read on incomplete escape sequence.

https://bugs.freedesktop.org/show_bug.cgi?id=94303
---
 src/validate.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/validate.c b/src/validate.c
index b4b752e..7403c18 100644
--- a/src/validate.c
+++ b/src/validate.c
@@ -1225,6 +1225,16 @@ handle_exec_key (kf_validator *kf,
         break;
       case '\\':
         PRINT_INVALID_IF_FLAG;
+
+        /* Escape character immediately followed by \0? */
+        if (*(c + 1) == '\0') {
+          print_fatal (kf, "value \"%s\" for key \"%s\" in group \"%s\" "
+                           "ends in an incomplete escape sequence\n",
+                           value, locale_key, kf->current_group);
+          retval = FALSE;
+          break;
+        }
+
         c++;
         if (*c == '\\' && in_quote)
           escaped = !escaped;
-- 
cgit v1.2.1