authordearblue <[email protected]>2019-06-22 16:48:22 +0900
committerdearblue <[email protected]>2019-06-22 18:16:38 +0900
commit758353902940e43530dbbbab0d9ce6ded5884923 (patch)
tree92ee93e7f1044d4178bf0f5e3b63cfe0bbbf9199 /src/string.c
parentc53b7cedccf7f5260dc8b4f88c5f93ea550bc5df (diff)
Fix potential overflow in `utf8len()`
For example, in 32-bit mode, when `p = 0xfffffffd`, `e = 0xfffffffe` and `len = 4`, the sum of `p` and `len` can wrap around to `1`, so the comparison with `e` evaluates to false. As a result, a segmentation fault occurs when address 0 is referenced.
Diffstat (limited to 'src/string.c')
-rw-r--r--src/string.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/string.c b/src/string.c
index bfe73b359..ed58c484b 100644
--- a/src/string.c
+++ b/src/string.c
@@ -234,7 +234,7 @@ utf8len(const char* p, const char* e)
mrb_int i;
len = utf8len_codepage[(unsigned char)*p];
- if (p + len > e) return 1;
+ if (len > e - p) return 1;
for (i = 1; i < len; ++i)
if ((p[i] & 0xc0) != 0x80)
return 1;
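Review bot: The lookup `utf8len_codepage[(unsigned char)*p]` just above the rewritten check still dereferences `p` before any bound is tested, so `utf8len()` depends on every caller passing `p < e`; the hunk shows nothing that enforces it. That precondition deserves a line in the function's header comment, e.g. `/* p must point at a readable byte, i.e. p < e */`. The new comparison itself would benefit from a why-comment so it is not later "simplified" back to pointer addition: `/* compare against the remaining length; p + len may wrap around */`. The body of `utf8len()` starts and ends outside this hunk, so its callers and any existing comment are not visible here.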