[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fix a crash in stand-alone Info due to bad indexing of a string
From: |
Eli Zaretskii |
Subject: |
Fix a crash in stand-alone Info due to bad indexing of a string |
Date: |
Wed, 20 Mar 2013 19:57:23 +0200 |
The stand-alone Info reader crashed on me today when I did
index-search. Debugging that, I found a faulty logic in indices.c,
which caused us to write outside of a string's bounds when we up-case
or down-case a partial match found by index-search. The result was
that the following call to 'free' crashed.
Here's the patch to fix this:
2013-03-20 Eli Zaretskii <address@hidden>
* info/indices.c (info_next_index_match): Fix computation of
'partial', as setting it to 1 causes crashes because upcasing or
downcasing the match writes outside of match[] string bounds.
--- indices.c~ 2013-02-23 02:11:25.000000000 +0200
+++ indices.c 2013-03-20 19:39:51.850527800 +0200
@@ -417,14 +417,13 @@
matches. */
for (i = index_offset + dir; (i > -1) && (index_index[i]); i += dir)
if (!index_entry_matches (index_index[i], index_search, search_len) &&
- string_in_line (index_search, index_index[i]->label) != -1)
- {
- partial = 1;
- break;
- }
+ (partial =
+ string_in_line (index_search, index_index[i]->label)) != -1)
+ break;
}
- index_partial = partial;
-
+ if (partial <= 0)
+ index_partial = 0;
+
/* If that failed, print an error. */
if ((i < 0) || (!index_index[i]))
{
@@ -459,7 +458,7 @@
string matched. */
match = xstrdup (index_index[i]->label);
- if (partial && show_index_match)
+ if (partial > 0 && show_index_match)
{
int k, ls, start, upper;
- Fix a crash in stand-alone Info due to bad indexing of a string,
Eli Zaretskii <=
Re: Fix a crash in stand-alone Info due to bad indexing of a string, Sergey Poznyakoff, 2013/03/21