diff options
author | Leah Neukirchen <leah@vuxu.org> | 2017-06-28 20:40:43 +0200 |
---|---|---|
committer | Leah Neukirchen <leah@vuxu.org> | 2017-06-28 20:40:43 +0200 |
commit | 1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee (patch) | |
tree | f8fdda3ce8f2a5cbb8f4fbbd03532b64d7732986 | |
parent | 8603f8deb7191b1fa2f9e35bc6f95276ba85353e (diff) | |
download | mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.tar.gz mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.tar.xz mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.zip |
mymemmem: fix twobyte_memmem out of bound reads
Closes #40.
-rw-r--r-- | mymemmem.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/mymemmem.c b/mymemmem.c index 9637c98..1e16caf 100644 --- a/mymemmem.c +++ b/mymemmem.c @@ -1,4 +1,5 @@ // taken straight from musl@c718f9fc +// twobyte_memmem fixed to avoid 1 byte read over end of buffer /* Copyright © 2005-2014 Rich Felker, et al. @@ -29,8 +30,13 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. static char *twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n) { uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1]; - for (h++, k--; k; k--, hw = hw<<8 | *++h) + h++; + k--; + for (;;) { if (hw == nw) return (char *)h-1; + if (!--k) return 0; + hw = hw<<8 | *++h; + } return 0; } |