From ab5ee87cbbe1b94a45d5c7974b321e2ee78d1238 Mon Sep 17 00:00:00 2001
From: zhoupengcheng
Date: Sat, 26 Nov 2022 18:27:48 +0800
Subject: [PATCH] fix CVE-2021-33642 next_inline() return EOF cause infinite loop in more_curly(), Add EOF case in more_curly(), don't allow multiple line.
---
 reader.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/reader.c b/reader.c
index 2a1dfe5..6a9bb7c 100644
--- a/reader.c
+++ b/reader.c
@@ -1030,8 +1030,10 @@ more_curly(void)
 int result = 0;
 int finish = 0;
+ int c;
 FILE *f = input_file;
 long int old_pos = ftell(f);
+ long int new_pos = old_pos;
 int save_linesize = linesize;
 char *save_line = TMALLOC(char, linesize);
 NO_SPACE(save_line);
@@ -1039,7 +1041,13 @@ more_curly(void)
 memcpy(save_line, line, linesize);
 do
 {
- switch (next_inline())
+ c = next_inline();
+ // Don't allow multiple line, so we use file position to check
+ // Only get_line() will move file postion forward
+ new_pos = ftell(f);
+ if (c == (EOF) || old_pos != new_pos)
+ break;
+ switch (c)
 {
 case 0:
 case '\n':
-- 
2.27.0
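Review bot: The `old_pos != new_pos` guard added in the second hunk only works when `ftell()` succeeds, and neither the existing `old_pos = ftell(f)` nor the new `new_pos = ftell(f)` is checked. `ftell()` returns -1 on failure, so if `input_file` can be a non-seekable stream (a pipe or stdin; not visible in this hunk) both values are -1 and the "no multiple line" check never fires, leaving only `c == (EOF)` to end the loop. I would make that case explicit, for example `if (c == EOF || new_pos < 0 || old_pos != new_pos)`, or at least note in the comment that the position comparison is a proxy for "get_line() read another line" and is skipped when the offset is unavailable. The comment also misspells "position" as `postion`. The code after the loop that restores `line` and the file offset lies outside the hunk, so it should be confirmed that it copes with the early `break`.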