diff options
author | Julian Andres Klode <jak@debian.org> | 2016-08-31 17:01:04 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2016-09-01 00:55:13 +0200 |
commit | 4061d595920c52b3b1cbcdbfc1d041a7607c206b (patch) | |
tree | d6ec634110b9bfd86bce6bcfecd83381ce1a7132 /methods/copy.cc | |
parent | 265c3312bd1b329dc9b54c754da46621d9019c11 (diff) |
TagFile: Fix off-by-one errors in comment stripping
Adding 1 to the value of d->End - current makes restLength one byte
too long: If we pass memchr(current, ..., restLength) has thus
undefined behavior.
Also, reading the value of current has undefined behavior if
current >= d->End, not only for current > d->End:
Consider a string of length 1, that is d->End = d->Current + 1.
We can only read at d->Current + 0, but d->Current + 1 is beyond
the end of the string.
This probably caused several inexplicable build failures on hurd-i386
in the past, and just now caused a build failure on Ubuntu's amd64
builder.
Reported-By: valgrind
(cherry picked from commit 923c592ceb6014b31ec751b97b3ed659fa3e88ae)
Diffstat (limited to 'methods/copy.cc')
0 files changed, 0 insertions, 0 deletions