Fix an out-of-bounds read in fgetline().

Forgot that a zero-length string might have come back from fgets.

Thanks to Hanno Böck for spotting this, with the aid of AFL.

(cherry picked from commit 5815d6a65a)
Simon Tatham 2015-11-10 18:49:09 +00:00
Parent c195ff2b4f
Commit cac650b8a5
1 changed file: 1 addition and 1 deletion

misc.c

@ -459,7 +459,7 @@ char *fgetline(FILE *fp)
int size = 512, len = 0;
while (fgets(ret + len, size - len, fp)) {
len += strlen(ret + len);
if (ret[len-1] == '\n')
if (len > 0 && ret[len-1] == '\n')
break; /* got a newline, we're done */
size = len + 512;
ret = sresize(ret, size, char);
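
Review bot: The `len > 0` guard in `if (len > 0 && ret[len-1] == '\n')` stops the read before the start of the buffer, but the zero-length case itself is left undocumented and unhandled. When `strlen(ret + len)` is 0 (fgets succeeded but the chunk it stored begins with a NUL byte), control falls through to `size = len + 512` and the next `fgets` writes at the same offset, so whatever that call read is silently overwritten. A short comment at the condition saying when fgets can hand back an empty string would help the next reader, and it is worth deciding explicitly whether such input should be discarded, treated as end of line, or reported as an error.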