aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeah Neukirchen <leah@vuxu.org>2017-06-28 20:40:43 +0200
committerLeah Neukirchen <leah@vuxu.org>2017-06-28 20:40:43 +0200
commit1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee (patch)
treef8fdda3ce8f2a5cbb8f4fbbd03532b64d7732986
parent8603f8deb7191b1fa2f9e35bc6f95276ba85353e (diff)
downloadmblaze-1fc0b1adc360ee30f519f19ecb3ddcfc56c1afee.tar.gz
mymemmem: fix twobyte_memmem out of bound reads
Closes #40.
-rw-r--r--mymemmem.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/mymemmem.c b/mymemmem.c
index 9637c98..1e16caf 100644
--- a/mymemmem.c
+++ b/mymemmem.c
@@ -1,4 +1,5 @@
// taken straight from musl@c718f9fc
+// twobyte_memmem fixed to avoid 1 byte read over end of buffer
/*
Copyright © 2005-2014 Rich Felker, et al.
@@ -29,8 +30,13 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
static char *twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
{
uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
- for (h++, k--; k; k--, hw = hw<<8 | *++h)
+ h++;
+ k--;
+ for (;;) {
if (hw == nw) return (char *)h-1;
+ if (!--k) return 0;
+ hw = hw<<8 | *++h;
+ }
return 0;
}