bug-texinfo

Re: [patch] fix out of bounds memory read in forward_to_info_syntax() /


From: Hanno Böck
Subject: Re: [patch] fix out of bounds memory read in forward_to_info_syntax() / info-utils.c
Date: Sun, 10 Jul 2016 21:13:14 +0200

On Sun, 10 Jul 2016 19:57:31 +0100
Gavin Smith <address@hidden> wrote:

> means that the condition will be true whenever a null byte is reached,
> rather than when the three bytes "\0\b[" are reached. This is because
> strncmp has a weaker condition for equality than memcmp, in that
> anything after null bytes is ignored. Example program:

Ah, sorry, you are right. I didn't consider that the comparison string
itself contains a zero byte. In this case strncmp can't be used.

> Index: info-utils.c
> ===================================================================
> --- info-utils.c        (revision 7149)
> +++ info-utils.c        (working copy)
> @@ -1576,7 +1576,7 @@
>  static char *
>  forward_to_info_syntax (char *contents)
>  {
> -  while (contents < input_start + input_length)
> +  while (contents < input_start + input_length - 3)
>      {
>        /* Menu entry comes first to optimize for the case of looking
> through a long index node. */
> 
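Review bot: The `- 3` in the new `while` condition is an unexplained magic number and is not guarded against short input: when `input_length` is less than 3, `input_start + input_length - 3` points before `input_start`, which is undefined pointer arithmetic in C. Check `input_length >= 3` before the loop (or compare the remaining length instead of pointers), and add a comment tying the 3 to the length of the sequence being compared, such as the three-byte "\0\b[" mentioned above. Note also that with `<` rather than `<=` the loop exits while three bytes still remain, so a three-byte sequence at the very end of the input is never examined; the comment should say whether that is intended.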
> I wonder if you could try this patch and report whether it works?

Yes, it does. Seems to do the right thing, please apply that one.


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: address@hidden
GPG: BBB51E42

Attachment: pgputUjE6HwsK.pgp
Description: OpenPGP digital signature
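The strncmp/memcmp difference discussed in this message, as an added example that is not part of the original e-mail or of the texinfo sources. The names `MARKER`, `SAMPLE`, `scan` and the two check functions are hypothetical, the sample buffer is constructed, and the loop bound is this example's own choice, not the one in the patch.

```c
#include <stdio.h>
#include <string.h>

/* Marker from the thread: NUL, backspace, '['.  MARKER_LEN excludes
   the literal's own terminating NUL. */
static const char MARKER[] = "\0\b[";
#define MARKER_LEN 3

/* Constructed sample: a lone NUL at offset 2, the real marker at 5. */
static const char SAMPLE[] = "ab\0cd\0\b[ef";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* strncmp stops at the first NUL in either argument, and MARKER starts
   with one, so this is true at ANY NUL byte in the input. */
static int marker_at_strncmp (const char *p)
{
  return strncmp (p, MARKER, MARKER_LEN) == 0;
}

/* memcmp always compares all MARKER_LEN bytes; the caller must ensure
   that p[0] .. p[MARKER_LEN - 1] lie inside the buffer. */
static int marker_at_memcmp (const char *p)
{
  return memcmp (p, MARKER, MARKER_LEN) == 0;
}

/* Return the offset of the first position accepted by `check`, or -1.
   The bound keeps every MARKER_LEN-byte read inside buf[0 .. len - 1]
   and is written so that it cannot underflow when len < MARKER_LEN. */
static long scan (const char *buf, size_t len, int (*check) (const char *))
{
  size_t i;
  if (len < MARKER_LEN)
    return -1;
  for (i = 0; i <= len - MARKER_LEN; i++)
    if (check (buf + i))
      return (long) i;
  return -1;
}

int main (void)
{
  printf ("strncmp check: %ld\n", scan (SAMPLE, SAMPLE_LEN, marker_at_strncmp));
  printf ("memcmp check:  %ld\n", scan (SAMPLE, SAMPLE_LEN, marker_at_memcmp));
  return 0;
}
```

The strncmp-based check reports the lone NUL as a match, while the memcmp-based check reports only the full three-byte sequence.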

