From cb61865bb93999e02852438d53c06def3d8d623b Mon Sep 17 00:00:00 2001
From: Nathan Scott
Date: Sat, 30 Apr 2022 13:50:25 +1000
Subject: Add array bounds checking for the Process_fields array (covscan)

Coverity scan reports there may be a code path that would cause an overrun in the (relatively new) ScreenSettings code where it evaluates default sort direction. Add bounds check and default to descending instead of a potentially invalid array access.
---
 Settings.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Settings.c b/Settings.c
index 006be97f..a825b56a 100644
--- a/Settings.c
+++ b/Settings.c
@@ -271,12 +271,18 @@ static void ScreenSettings_readFields(ScreenSettings* ss, Hashtable* columns, co

 ScreenSettings* Settings_newScreen(Settings* this, const ScreenDefaults* defaults) {
 int sortKey = defaults->sortKey ? toFieldIndex(this->dynamicColumns, defaults->sortKey) : PID;
+ int sortDesc;
+ if (sortKey >= 0 && sortKey < LAST_PROCESSFIELD)
+ sortDesc = Process_fields[sortKey].defaultSortDesc;
+ else
+ sortDesc = 1;
+
 ScreenSettings* ss = xMalloc(sizeof(ScreenSettings));
 *ss = (ScreenSettings) {
 .name = xStrdup(defaults->name),
 .fields = xCalloc(LAST_PROCESSFIELD, sizeof(ProcessField)),
 .flags = 0,
- .direction = (Process_fields[sortKey].defaultSortDesc) ? -1 : 1,
+ .direction = sortDesc ? -1 : 1,
 .treeDirection = 1,
 .sortKey = sortKey,
 .treeSortKey = PID,
-- 
cgit v1.2.3
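Review bot: The new range test guards only the `Process_fields[sortKey].defaultSortDesc` read; the same unvalidated value is still stored by `.sortKey = sortKey` a few lines further down. The `sortKey >= 0` half of the test suggests `toFieldIndex` can return a negative result for an unrecognised name (its body is outside this hunk), and that value would then sit in the new ScreenSettings, where any later `Process_fields[ss->sortKey]` lookup has the same overrun Coverity flagged here. Consider normalising before the lookup, for example `if (sortKey < 0) sortKey = PID;`. The `else` branch could also carry a comment such as `/* no Process_fields entry (presumably a dynamic column): default to descending */` so that readers know which out-of-range values are expected. `Settings_newScreen` continues past the end of the hunk, so the remaining uses of `sortKey` are not visible.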