2012-05-18 05:02:54 +04:00
|
|
|
--- rpm-5.4.9/rpmio/mire.c.str_nul~ 2012-04-16 05:21:22.000000000 +0200
|
|
|
|
|
+++ rpm-5.4.9/rpmio/mire.c 2012-05-15 03:20:14.361970779 +0200
|
|
|
|
|
@@ -415,11 +415,10 @@ int mireRegexec(miRE mire, const char *
|
2012-04-27 04:55:39 +04:00
|
|
|
break;
|
|
|
|
|
/* XXX rpmgrep: ensure that the string is NUL terminated. */
|
|
|
|
|
if (vallen > 0) {
|
|
|
|
|
- if (val[vallen] != '\0') {
|
2012-05-18 05:02:54 +04:00
|
|
|
- char * t = strncpy((char *)alloca(vallen+1), val, vallen);
|
2012-04-27 04:55:39 +04:00
|
|
|
- t[vallen] = '\0';
|
|
|
|
|
- val = t;
|
|
|
|
|
- }
|
|
|
|
|
+ /* if (val[vallen] != '\0') might go outside of allocated memory */
|
|
|
|
|
+ char * t = strncpy(alloca(vallen+1), val, vallen);
|
|
|
|
|
+ t[vallen] = '\0';
|
|
|
|
|
+ val = t;
|
|
|
|
|
} else
|
|
|
|
|
if (vallen == 0)
|
|
|
|
|
vallen = strlen(val);
|
2012-05-18 05:02:54 +04:00
|
|
|
@@ -466,6 +465,13 @@ int mireRegexec(miRE mire, const char *
|
2012-04-27 04:55:39 +04:00
|
|
|
case RPMMIRE_GLOB:
|
|
|
|
|
if (mire->pattern == NULL)
|
|
|
|
|
break;
|
|
|
|
|
+ /* XXX rpmgrep: ensure that the string is NUL terminated. */
|
|
|
|
|
+ if (vallen > 0) {
|
|
|
|
|
+ /* if (val[vallen] != '\0') might go outside of allocated memory */
|
|
|
|
|
+ char * t = strncpy(alloca(vallen+1), val, vallen);
|
|
|
|
|
+ t[vallen] = '\0';
|
|
|
|
|
+ val = t;
|
|
|
|
|
+ }
|
|
|
|
|
rc = fnmatch(mire->pattern, val, mire->fnflags);
|
|
|
|
|
switch (rc) {
|
|
|
|
|
case 0: rc = 0; /*@innerbreak@*/ break;
|
