packages/rpm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rpm/backport-Avoid-incrementing-a-pointer-past-the-end.patch
renxichen 96149841b7 sync patches from upstream
2022-11-03 16:53:48 +08:00

36 lines
1.0 KiB
Diff
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 165330b7bf0757e30fa8a6de9998a564fb62796f Mon Sep 17 00:00:00 2001
From: "Demi M. Obenour" <demiobenour@gmail.com>
Date: Tue, 29 Dec 2020 22:59:36 -0500
Subject: [PATCH] Avoid incrementing a pointer past the end
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The end parameter to strtaglen might point past the end of an
allocation. Therefore, if start becomes equal to end, exit the loop
without calling memchr on it.
---
lib/header.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/header.c b/lib/header.c
index c0a989691..98eda4138 100644
--- a/lib/header.c
+++ b/lib/header.c
@@ -412,10 +412,8 @@ static inline int strtaglen(const char *str, rpm_count_t c, const char *end)
const char *s;
if (end) {
- if (str >= end)
- return -1;
- while ((s = memchr(start, '\0', end-start))) {
- if (--c == 0 || s > end)
+ while (end > start && (s = memchr(start, '\0', end-start))) {
+ if (--c == 0)
break;
start = s + 1;
}
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink