From 5815d6a65af992881f5462097c9320f3a4716e0c Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Tue, 10 Nov 2015 18:49:09 +0000
Subject: [PATCH] Fix an out-of-bounds read in fgetline().
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Forgot that a zero-length string might have come back from fgets. Thanks to Hanno Böck for spotting this, with the aid of AFL.
---
 misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misc.c b/misc.c
index 618ca297..0ce3d366 100644
--- a/misc.c
+++ b/misc.c
@@ -460,7 +460,7 @@ char *fgetline(FILE *fp)
     int size = 512, len = 0;
     while (fgets(ret + len, size - len, fp)) {
         len += strlen(ret + len);
-        if (ret[len-1] == '\n')
+        if (len > 0 && ret[len-1] == '\n')
             break;                 /* got a newline, we're done */
         size = len + 512;
         ret = sresize(ret, size, char);
-- 
2.45.2
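Review bot: The new `len > 0` guard stops the read before `ret[0]` but leaves the underlying cause undocumented: `len` can only be 0 here when fgets() stored a NUL byte as the first character of this chunk, because strlen() stops at it, and in that case everything fgets() read after the NUL (including any newline) is silently dropped and the loop reads on as if the line had not ended. That is the behaviour callers of fgetline() on untrusted files should be aware of, so a comment on the guard would help: `/* len == 0 means fgets() hit a NUL byte first; strlen() cannot see past it, so data after an embedded NUL is lost and the line continues */`. Note also that in that case `size = len + 512` reallocates to the same size as before, which is harmless but does no work. The allocation of `ret` and the function's return are outside the hunk, so whether the caller is told about truncated lines cannot be checked from here.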