Djam/rpm
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/rpm.git synced 2025-02-23 18:33:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
rpm/rpm-5.4.9-mire-fix-strings-lacking-null-terminator.patch
akdengi b7fdb718d3 - new version 5.4.9
2012-08-01 14:59:23 +04:00

32 lines
1.1 KiB
Diff
Raw Blame History

--- rpm-5.4.9/rpmio/mire.c.str_nul~ 2012-04-16 05:21:22.000000000 +0200
+++ rpm-5.4.9/rpmio/mire.c 2012-05-15 03:20:14.361970779 +0200
@@ -415,11 +415,10 @@ int mireRegexec(miRE mire, const char *
break;
/* XXX rpmgrep: ensure that the string is NUL terminated. */
if (vallen > 0) {
- if (val[vallen] != '\0') {
- char * t = strncpy((char *)alloca(vallen+1), val, vallen);
- t[vallen] = '\0';
- val = t;
- }
+ /* if (val[vallen] != '\0') might go outside of allocated memory */
+ char * t = strncpy(alloca(vallen+1), val, vallen);
+ t[vallen] = '\0';
+ val = t;
} else
if (vallen == 0)
vallen = strlen(val);
@@ -466,6 +465,13 @@ int mireRegexec(miRE mire, const char *
case RPMMIRE_GLOB:
if (mire->pattern == NULL)
break;
+ /* XXX rpmgrep: ensure that the string is NUL terminated. */
+ if (vallen > 0) {
+ /* if (val[vallen] != '\0') might go outside of allocated memory */
+ char * t = strncpy(alloca(vallen+1), val, vallen);
+ t[vallen] = '\0';
+ val = t;
+ }
rc = fnmatch(mire->pattern, val, mire->fnflags);
switch (rc) {
case 0: rc = 0; /*@innerbreak@*/ break;
Reference in a new issue View git blame Copy permalink