From 75e8af3354c42ce42abb4bece351fe1a8b99d96a Mon Sep 17 00:00:00 2001
From: Brad King <brad.king@kitware.com>
Date: Tue, 27 Mar 2018 08:18:47 -0400
Subject: cmSystemTools: Fix ParseArguments out-of-bounds read

When checking for a Windows-style leading path, do not read past the
null terminator.

Issue: #17854
---
 Source/cmSystemTools.cxx | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Source/cmSystemTools.cxx b/Source/cmSystemTools.cxx
index 88cfe81..eeb73c3 100644
--- a/Source/cmSystemTools.cxx
+++ b/Source/cmSystemTools.cxx
@@ -550,12 +550,13 @@ std::vector<std::string> cmSystemTools::ParseArguments(const char* command)
 
   bool win_path = false;
 
-  if ((command[0] != '/' && command[1] == ':' && command[2] == '\\') ||
-      (command[0] == '\"' && command[1] != '/' && command[2] == ':' &&
-       command[3] == '\\') ||
-      (command[0] == '\'' && command[1] != '/' && command[2] == ':' &&
-       command[3] == '\\') ||
-      (command[0] == '\\' && command[1] == '\\')) {
+  if (command[0] && command[1] &&
+      ((command[0] != '/' && command[1] == ':' && command[2] == '\\') ||
+       (command[0] == '\"' && command[1] != '/' && command[2] == ':' &&
+        command[3] == '\\') ||
+       (command[0] == '\'' && command[1] != '/' && command[2] == ':' &&
+        command[3] == '\\') ||
+       (command[0] == '\\' && command[1] == '\\'))) {
     win_path = true;
   }
   // Split the command into an argv array.
-- 
cgit v0.12