changeset 38902:78a7785c42b9

glob: fix another heap buffer overflow
Problem reported by Tim Rühsen in:
https://sourceware.org/bugzilla/show_bug.cgi?id=22332
* lib/glob.c (glob): Avoid buffer overrun when unescaping.
author Paul Eggert <eggert@cs.ucla.edu>
date Sat, 21 Oct 2017 12:20:29 -0700
parents ead4e3bf6c56
children 742924486992
files ChangeLog lib/glob.c
diffstat 2 files changed, 9 insertions(+), 2 deletions(-)
--- a/ChangeLog	Thu Oct 19 13:03:40 2017 -0700
+++ b/ChangeLog	Sat Oct 21 12:20:29 2017 -0700
@@ -1,3 +1,10 @@
+2017-10-21  Paul Eggert  <eggert@cs.ucla.edu>
+
+	glob: fix another heap buffer overflow
+	Problem reported by Tim Rühsen in:
+	https://sourceware.org/bugzilla/show_bug.cgi?id=22332
+	* lib/glob.c (glob): Avoid buffer overrun when unescaping.
+
 2017-10-19  Paul Eggert  <eggert@cs.ucla.edu>
 
 	quotearg: pacify compiler re unsigned
--- a/lib/glob.c	Thu Oct 19 13:03:40 2017 -0700
+++ b/lib/glob.c	Sat Oct 21 12:20:29 2017 -0700
@@ -744,11 +744,11 @@
                   char *p = mempcpy (newp, dirname + 1,
                                      unescape - dirname - 1);
                   char *q = unescape;
-                  while (*q != '\0')
+                  while (q != end_name)
                     {
                       if (*q == '\\')
                         {
-                          if (q[1] == '\0')
+                          if (q + 1 == end_name)
                             {
                               /* "~fo\\o\\" unescape to user_name "foo\\",
                                  but "~fo\\o\\/" unescape to user_name
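Review bot: the new loop condition `while (q != end_name)` is an exact-equality bound, so it only terminates safely if every path in the loop body advances `q` by one, or by two only after the `q + 1 == end_name` check has failed. The rest of the body is not visible in this hunk, so please confirm that no branch can step over `end_name`, or write the bound as `q < end_name` so that an overshoot still stops the loop. The hunk also does not show where `end_name` is set relative to `unescape`. A one-line comment above the loop stating that `unescape` lies at or before `end_name` would make the invariant checkable by a reader. Finally, the changeset touches only ChangeLog and lib/glob.c, so a regression test for the input from bug 22332 would be worth adding alongside the fix.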