Security: Invalid write in controller_entry_read() due to missing allocation.
authorKevin Day <Kevin@kevux.org>
Sat, 26 Jul 2025 21:24:48 +0000 (16:24 -0500)
committerKevin Day <Kevin@kevux.org>
Sat, 26 Jul 2025 21:40:29 +0000 (16:40 -0500)
The `entry->items` must be increased when the `at` variable is increased.

level_3/controller/c/entry/private-entry.c

index 8742d43d7f73e23c53bb9bfd3322736d4d52f029..b0d7dba774f5ca1b42028d51c13411172c97f35f 100644 (file)
@@ -1726,16 +1726,35 @@ extern "C" {
 
             continue;
           }
-          else if (entry->items.used) {
-            at = entry->items.used++;
-          }
           else {
+            if (entry->items.used) {
+              status = controller_entry_items_increase_by(controller_common_allocation_small_d, &entry->items);
+
+              if (F_status_is_error(status)) {
+                controller_entry_print_error(is_entry, global.main->error, cache->action, F_status_set_fine(status), "controller_entry_items_increase_by", F_true, global.thread);
+
+                break;
+              }
 
-            // skip position 0, which is reserved for "main".
-            entry->items.array[0].name.used = 0;
+              at = entry->items.used++;
+            }
+            else {
+              if (entry->items.size < 2) {
+                status = controller_entry_items_increase_by(2, &entry->items);
 
-            at = 1;
-            entry->items.used = 2;
+                if (F_status_is_error(status)) {
+                  controller_entry_print_error(is_entry, global.main->error, cache->action, F_status_set_fine(status), "controller_entry_items_increase_by", F_true, global.thread);
+
+                  break;
+                }
+              }
+
+              // skip position 0, which is reserved for "main".
+              entry->items.array[0].name.used = 0;
+
+              at = 1;
+              entry->items.used = 2;
+            }
           }
 
           entry->items.array[at].line = cache->action.line_item;
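Review bot: The bounds guarantee for the `entry->items.array[at]` write right after the inner if/else rests entirely on what `controller_entry_items_increase_by()` promises on success, and nothing in the hunk states it. In the `entry->items.used` branch the helper is called on every pass with `controller_common_allocation_small_d`, so this is only correct and cheap if it grows relative to `used` and does nothing when capacity already suffices (presumably so, but the helper is defined outside the hunk); a comment such as `// On success size > used, so array[at] below is in bounds.` above `at = entry->items.used++;` would pin that down. The two error blocks are identical and both `break` with `status` still holding the error, so the code after the enclosing loop, which starts and ends outside the hunk, has to check `status` before it touches `entry->items` again.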