Skip to content

Fix potential buffer underflow and inefficient copy using fnmatch.#261

Open
robert-ancell wants to merge 1 commit into
hughsie:mainfrom
robert-ancell:fnmatch-fixes
Open

Fix potential buffer underflow and inefficient copy using fnmatch.#261
robert-ancell wants to merge 1 commit into
hughsie:mainfrom
robert-ancell:fnmatch-fixes

Conversation

@robert-ancell

Copy link
Copy Markdown
Collaborator

If length was zero we could check the -1 index.
A nul was always added because we only used the length of the string, not the
buffer (i.e. off by one).
Also remove a check for a negative number from an unsigned number.

Comment thread libappstream-glib/as-app.c
if (text_sz != -1 && text[text_sz-1] != '\0') {
if (text_sz == 0)
return FNM_NOMATCH;
if (text[text_sz-1] != '\0') {

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just?

	if (text_sz != 0 && text[text_sz-1] != '\0') {

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because a zero length buffer might not be nul terminated.

@hughsie

hughsie commented Aug 30, 2018

Copy link
Copy Markdown
Owner

CI seems to be failing -- can you check than out pls?

@hughsie

hughsie commented Feb 6, 2019

Copy link
Copy Markdown
Owner

@robert-ancell ?

If length was zero we could check the -1 index.
A nul was always added because we only used the length of the string, not the
buffer (i.e. off by one).
Also remove a check for a negative number from an unsigned number.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants