
fix incorrect comparison loop condition in memmem

the logic for this loop was copied from null-terminated-string logic
in strstr without properly adapting it to work with explicit lengths.

presumably this error could result in false negatives (wrongly
comparing past the end of the needle/haystack), false positives
(stopping comparison early when the needle contains null bytes), and
crashes (from runaway reads past the end of mapped memory).
Rich Felker, 11 years ago
parent
commit
cef0f289f6
1 file changed, with 2 additions and 2 deletions

+ 2 - 2
src/string/memmem.c

@@ -112,8 +112,8 @@ static char *twoway_memmem(const unsigned char *h, const unsigned char *z, const
 		}
 
 		/* Compare right half */
-		for (k=MAX(ms+1,mem); n[k] && n[k] == h[k]; k++);
-		if (n[k]) {
+		for (k=MAX(ms+1,mem); k<l && n[k] == h[k]; k++);
+		if (k < l) {
 			h += k-ms;
 			mem = 0;
 			continue;
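
Review bot: The new bound in `for (k=MAX(ms+1,mem); k<l && n[k] == h[k]; k++);` limits only the needle index, so the read of `h[k]` is safe only if at least `l` bytes remain between `h` and `z`, and nothing in this hunk establishes that. A one-line comment above the loop stating that invariant would make the explicit-length reasoning checkable here and keep it from being lost if the surrounding window check is reworked. The commit message also describes the failure modes as presumed, so a regression test would be worth adding alongside: one needle with a NUL byte in its right half (the old `n[k]` condition stops there and the old `if (n[k])` test misreads the result) and one needle without any trailing NUL placed at the end of a buffer, to confirm the comparison now stops at `l`.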