OpenSDE
/
package-nopast
3
0
Fork 0
Code Issues 9 Projects 1 Releases Activity
OpenSDE Packages Database (without history before r20070)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12188 Commits
49 Branches
0 Tags
34 MiB
 
 
 
 
 
 
Tree: 37c78cb93c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '37c78cb93c'
${ noResults }
package-nopast/base/musl/memmem.patch

51 lines
2.0 KiB
Raw Blame History

# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../musl/memmem.patch
# Copyright (C) 2016 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
From c718f9fc1b4bd913eff10d0c12763f90b2bc487c Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Fri, 1 Apr 2016 13:36:15 -0400
Subject: fix read past end of haystack buffer for short needles in memmem
the two/three/four byte memmem specializations are not prepared to
handle haystacks shorter than the needle; they unconditionally read at
least up to the needle length and subtract from the haystack length.
if the haystack is shorter, the remaining haystack length underflows
and produces an unbounded search which will eventually either crash or
find a spurious match.
the top-level memmem function attempted to avoid this case already by
checking for haystack shorter than needle, but it failed to re-check
after using memchr to remove the maximal prefix not containing the
first byte of the needle.
---
src/string/memmem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/string/memmem.c b/src/string/memmem.c
index d7e1221..4be6a31 100644
--- a/src/string/memmem.c
+++ b/src/string/memmem.c
@@ -140,6 +140,7 @@ void *memmem(const void *h0, size_t k, const void *n0, size_t l)
h = memchr(h0, *n, k);
if (!h || l==1) return (void *)h;
k -= h - (const unsigned char *)h0;
+ if (k<l) return 0;
if (l==2) return twobyte_memmem(h, k, n);
if (l==3) return threebyte_memmem(h, k, n);
if (l==4) return fourbyte_memmem(h, k, n);
--
cgit v0.11.2