From 08488f66b6028761d8eb60a3bddb9aa080a2af4a Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Fri, 26 Jun 2020 17:24:54 +0200
Subject: [PATCH] BUG/MINOR: cfgparse: correctly deal with empty lines

Issue 23653 in oss-fuzz reports a heap overflow bug which is in fact a
bug introduced by commit 9e1758efb ("BUG/MEDIUM: cfgparse: use
parse_line() to expand/unquote/unescape config lines") to address
oss-fuzz issue 22689, which was only partially fixed by commit 70f58997f
("BUG/MINOR: cfgparse: Support configurations without newline at EOF").

Actually on an empty line, end == line so we cannot dereference end-1
to check for a trailing LF without first being sure that end is greater
than line.

No backport is needed, this is 2.2 only.
---
 src/cfgparse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 92f17691c..63efc9114 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1916,7 +1916,7 @@ next_line:
 
 		readbytes = 0;
 
-		if (*(end-1) == '\n') {
+		if (end > line && *(end-1) == '\n') {
 			/* kill trailing LF */
 			*(end - 1) = 0;
 		}