From 1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Wed, 28 Jun 2017 20:40:43 +0200
Subject: mymemmem: fix twobyte_memmem out of bound reads

Closes #40.
---
 mymemmem.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'mymemmem.c')

diff --git a/mymemmem.c b/mymemmem.c
index 9637c98..1e16caf 100644
--- a/mymemmem.c
+++ b/mymemmem.c
@@ -1,4 +1,5 @@
 // taken straight from musl@c718f9fc
+// twobyte_memmem fixed to avoid 1 byte read over end of buffer
 /*
 Copyright © 2005-2014 Rich Felker, et al.
@@ -29,8 +30,13 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 static char *twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
 {
 uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
- for (h++, k--; k; k--, hw = hw<<8 | *++h)
+ h++;
+ k--;
+ for (;;) {
 if (hw == nw) return (char *)h-1;
+ if (!--k) return 0;
+ hw = hw<<8 | *++h;
+ }
 return 0;
 }
--
cgit 1.4.1
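Review bot: The rewritten loop in twobyte_memmem is only safe when k >= 2 on entry, and nothing in this hunk checks that. With k == 1 the initializer still reads `h[1]`, `k--` leaves 0, and `if (!--k)` then wraps k to SIZE_MAX, so the loop keeps reading past the buffer, whereas the old `for (...; k; ...)` condition stopped immediately. The caller is outside this diff, so confirm it rejects a haystack remainder shorter than the needle before calling; otherwise add `if (k < 2) return 0;` as the first statement and move the `nw`/`hw` initialisation below it. The trailing `return 0;` after `for (;;)` is now unreachable and can be dropped.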