From 5ee859db2c9305e6d2b71ec9825c946a2472a07b Mon Sep 17 00:00:00 2001
From: olszomal
Date: Tue, 13 Feb 2024 11:43:06 +0100
Subject: [PATCH] Fixed out-of-bounds access, CID 1583604
---
 script.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/script.c b/script.c
index e6af31c..f893682 100644
--- a/script.c
+++ b/script.c
@@ -635,16 +635,17 @@ static SCRIPT_CTX *script_ctx_get(char *indata, uint32_t filesize, const SCRIPT_
 const char *input_pos, *signature_pos, *ptr;
 uint32_t line[LINE_MAX_LEN], sig_start[40], cr, lf;
 size_t sig_pos = 0, line_pos = 0, sig_start_pos = 0;
+ size_t sig_start_size = sizeof sig_start / sizeof(uint32_t);
 utf8DecodeRune("\r", 1, &cr);
 utf8DecodeRune("\n", 1, &lf);
 /* compute runes for the beginning of the signature */
- for (ptr = comment->open; *ptr; sig_start_pos++)
+ for (ptr = comment->open; *ptr && sig_start_pos < sig_start_size; sig_start_pos++)
 ptr = utf8DecodeRune(ptr, 1, sig_start + sig_start_pos);
- for (ptr = signature_begin; *ptr; sig_start_pos++)
+ for (ptr = signature_begin; *ptr && sig_start_pos < sig_start_size; sig_start_pos++)
 ptr = utf8DecodeRune(ptr, 1, sig_start + sig_start_pos);
- for (ptr = comment->close; *ptr; sig_start_pos++)
+ for (ptr = comment->close; *ptr && sig_start_pos < sig_start_size; sig_start_pos++)
 ptr = utf8DecodeRune(ptr, 1, sig_start + sig_start_pos);
 /* find the beginning of the signature */
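Review bot: The new `sig_start_pos < sig_start_size` conditions in the three rune loops stop the write past `sig_start[40]`, but they do it by silently truncating the marker. If `comment->open`, `signature_begin` and `comment->close` together exceed 40 runes, the search that follows runs with a shortened prefix and could match at a different position than the full marker would. These inputs look like fixed strings, so an overflow is presumably a programming error and is safer treated as a failure than carried on with. A check after each loop such as `if (*ptr) return NULL; /* marker does not fit in sig_start */` would do, assuming NULL is this function's error return; the body of `script_ctx_get` continues outside the hunk, so that is not visible here. As a style point, `sizeof sig_start / sizeof sig_start[0]` keeps the element count correct if the array's element type ever changes.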