From aad2b13690f95ef941f608230b27016b308a1b69 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] 0064-ps/sortformat.c: Double-check chars in verify_short_sort().

To avoid an out-of-bounds access at checkoff[tmp]. The strspn() at the beginning of the function protects against it already, but double-check this in case of some future change.
---
 ps/sortformat.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ps/sortformat.c b/ps/sortformat.c
index b7974de6..96377442 100644
--- a/ps/sortformat.c
+++ b/ps/sortformat.c
@@ -427,6 +427,7 @@ static const char *verify_short_sort(const char *arg){
 walk = arg;
 for(;;){
 tmp = *walk;
+ if(tmp < 0 || (size_t)tmp >= sizeof(checkoff)) return _("bad sorting code");
 switch(tmp){
 case '\0':
 return NULL; /* looks good */
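Review bot: The bound in the added guard, `(size_t)tmp >= sizeof(checkoff)`, is a byte count, so it only equals the number of elements while checkoff is an array of one-byte elements; its declaration is outside the hunk, so that cannot be confirmed here. Since the commit message says the check is there to survive future changes, an element count would hold up better: `if(tmp < 0 || (size_t)tmp >= sizeof(checkoff)/sizeof(checkoff[0])) return _("bad sorting code");`. A short comment such as `/* defensive: strspn() above already limits arg to the known codes */` would also keep the line from being removed later as dead code. verify_short_sort's body continues past the end of the hunk, including the checkoff[tmp] access the guard is meant to protect, so whether tmp is reassigned between this check and that access cannot be verified from here.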