Fix incorrect usage of strchr leading to overflow.#584
Open
elttil wants to merge 3 commits intolandley:masterfrom
Open
Fix incorrect usage of strchr leading to overflow.#584elttil wants to merge 3 commits intolandley:masterfrom
elttil wants to merge 3 commits intolandley:masterfrom
Conversation
The strchr check will always succeed when c == '\0' as C strings always have a null terminator. This fixes the overflow in issue landley#579 which occurs when sed is given the expression '/[['.
Overflow would occur the command `find - time` was run. This commit fixes issue landley#578.
When printf is given the format '%*' it would overflow and print environment variables. This fixes issue landley#574.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
These commits fix issues #574, #578, #579. They all result from using strchr with the incorrect assumption that
strchr("foo", '\0')results in NULL, when in actuality they return a pointer to the null terminator in the string "foo". The functionstridxinlib/lib.chas taken this issue into account, so I replace the current checks withstridx(<args>) != -1as it acts in a manner that I assume the original author(s) intended it to.