Security: Invalid write in controller_entry_read() due to missing allocation.

The `entry->items` must be increased when the `at` variable is increased.

diff --git a/sources/c/program/controller/main/entry.c b/sources/c/program/controller/main/entry.c
index 9cf731c9dcc4c80b5da79ec616ac4000387b95ca..07941cae992c3124e8f3be7724490fefc9c9aa88 100644 (file)
--- a/sources/c/program/controller/main/entry.c
+++ b/sources/c/program/controller/main/entry.c
@@ -186,9 +186,26 @@ extern "C" {
             continue;
           }
           else if (entry->items.used) {
+            state.status = f_memory_array_increase(at, sizeof(controller_entry_item_t), (void **) &entry->items.array, &entry->items.used, &entry->items.size);
+
+            if (F_status_is_error(state.status)) {
+              controller_print_error_entry(&main->program.error, is_entry, F_status_set_fine(state.status), macro_controller_f(f_memory_array_increase_by), F_true);
+
+              break;
+            }
+
             at = entry->items.used++;
           }
           else {
+            if (entry->items.size < 2) {
+              state.status = f_memory_array_resize(2, sizeof(controller_entry_item_t), (void **) &entry->items.array, &entry->items.used, &entry->items.size);
+
+              if (F_status_is_error(state.status)) {
+                controller_print_error_entry(&main->program.error, is_entry, F_status_set_fine(state.status), macro_controller_f(f_memory_array_resize), F_true);
+
+                break;
+              }
+            }
 
             // Skip position 0, which is reserved for "main".
             entry->items.array[0].name.used = 0;