mymemmem: fix twobyte_memmem out of bound reads

Closes #40.
author: Leah Neukirchen <leah@vuxu.org> 2017-06-28 20:40:43 +0200
committer: Leah Neukirchen <leah@vuxu.org> 2017-06-28 20:40:43 +0200
commit: 1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee (patch)
tree: f8fdda3ce8f2a5cbb8f4fbbd03532b64d7732986 /mymemmem.c
parent: 8603f8deb7191b1fa2f9e35bc6f95276ba85353e (diff)
download: mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.tar.gz
mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.tar.xz
mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/mymemmem.c b/mymemmem.c
index 9637c98..1e16caf 100644
--- a/mymemmem.c
+++ b/mymemmem.c
@@ -1,4 +1,5 @@
 // taken straight from musl@c718f9fc
+// twobyte_memmem fixed to avoid 1 byte read over end of buffer
 
 /*
 Copyright © 2005-2014 Rich Felker, et al.
@@ -29,8 +30,13 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 static char *twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
 {
 	uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
-	for (h++, k--; k; k--, hw = hw<<8 | *++h)
+	h++;
+	k--;
+        for (;;) {
 		if (hw == nw) return (char *)h-1;
+		if (!--k) return 0;
+		hw = hw<<8 | *++h;
+        }
 	return 0;
 }
author	Leah Neukirchen <leah@vuxu.org>	2017-06-28 20:40:43 +0200
committer	Leah Neukirchen <leah@vuxu.org>	2017-06-28 20:40:43 +0200
commit	1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee (patch)
tree	f8fdda3ce8f2a5cbb8f4fbbd03532b64d7732986 /mymemmem.c
parent	8603f8deb7191b1fa2f9e35bc6f95276ba85353e (diff)
download	mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.tar.gz mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.tar.xz mblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.zip