From: Kevin Day <Kevin@kevux.org>
Date: Sat, 26 Jul 2025 21:16:40 +0000 (-0500)
Subject: Security: Invalid write in controller_entry_read() due to missing allocation.
X-Git-Tag: 0.7.3~50
X-Git-Url: https://www.git.kevux.org/?a=commitdiff_plain;h=059c27a4f0517bcb101f930e78665bdee0d43413;p=controller

Security: Invalid write in controller_entry_read() due to missing allocation.

The `entry->items` must be increased when the `at` variable is increased.
---

diff --git a/sources/c/program/controller/main/entry.c b/sources/c/program/controller/main/entry.c
index 9cf731c..07941ca 100644
--- a/sources/c/program/controller/main/entry.c
+++ b/sources/c/program/controller/main/entry.c
@@ -186,9 +186,26 @@ extern "C" {
             continue;
           }
           else if (entry->items.used) {
+            state.status = f_memory_array_increase(at, sizeof(controller_entry_item_t), (void **) &entry->items.array, &entry->items.used, &entry->items.size);
+
+            if (F_status_is_error(state.status)) {
+              controller_print_error_entry(&main->program.error, is_entry, F_status_set_fine(state.status), macro_controller_f(f_memory_array_increase_by), F_true);
+
+              break;
+            }
+
             at = entry->items.used++;
           }
           else {
+            if (entry->items.size < 2) {
+              state.status = f_memory_array_resize(2, sizeof(controller_entry_item_t), (void **) &entry->items.array, &entry->items.used, &entry->items.size);
+
+              if (F_status_is_error(state.status)) {
+                controller_print_error_entry(&main->program.error, is_entry, F_status_set_fine(state.status), macro_controller_f(f_memory_array_resize), F_true);
+
+                break;
+              }
+            }
 
             // Skip position 0, which is reserved for "main".
             entry->items.array[0].name.used = 0;