summaryrefslogtreecommitdiff
path: root/apt-pkg/policy.cc
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2016-08-31 17:01:04 +0200
committerJulian Andres Klode <jak@debian.org>2016-10-05 21:53:38 +0200
commit43ed244f35c0bbd3bec2dae0d5e71d98f6314d23 (patch)
tree79230ea1e345407cab6a72cbfee23a170f75517e /apt-pkg/policy.cc
parentb9cddcfb31dd6da49fcd470aaa484eafcfc779ae (diff)
TagFile: Fix off-by-one errors in comment stripping
Adding 1 to the value of d->End - current makes restLength one byte too long: If we pass memchr(current, ..., restLength) has thus undefined behavior. Also, reading the value of current has undefined behavior if current >= d->End, not only for current > d->End: Consider a string of length 1, that is d->End = d->Current + 1. We can only read at d->Current + 0, but d->Current + 1 is beyond the end of the string. This probably caused several inexplicable build failures on hurd-i386 in the past, and just now caused a build failure on Ubuntu's amd64 builder. Reported-By: valgrind (cherry picked from commit 923c592ceb6014b31ec751b97b3ed659fa3e88ae)
Diffstat (limited to 'apt-pkg/policy.cc')
0 files changed, 0 insertions, 0 deletions