diff options
| author | Yukihiro "Matz" Matsumoto <[email protected]> | 2019-07-12 21:46:02 +0900 |
|---|---|---|
| committer | GitHub <[email protected]> | 2019-07-12 21:46:02 +0900 |
| commit | 15563713700c8eecb1526726fccd2ddacd53b358 (patch) | |
| tree | 2e515fbd5bdded5ff527bfdb6be49703e5d0b577 /src/string.c | |
| parent | 54712c0624cdb085390a54b3fba6709ea75eaf98 (diff) | |
| parent | bde2f35a9f2d894ec88ad693633e89279b0560b9 (diff) | |
| download | mruby-15563713700c8eecb1526726fccd2ddacd53b358.tar.gz mruby-15563713700c8eecb1526726fccd2ddacd53b358.zip | |
Merge pull request #4573 from dearblue/fix-4569
Fix heap buffer overflow; fix #4569
Diffstat (limited to 'src/string.c')
| -rw-r--r-- | src/string.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/src/string.c b/src/string.c index 0700f81fa..056348921 100644 --- a/src/string.c +++ b/src/string.c @@ -324,22 +324,20 @@ str_index_str_by_char_search(mrb_state *mrb, const char *p, const char *pend, co } /* Searching */ - if (p < pend && pend - p >= slen) { - for (;;) { - const char *pivot; + while (p < pend && pend - p >= slen) { + const char *pivot; - if (memcmp(p, s, slen) == 0) { - return off; - } + if (memcmp(p, s, slen) == 0) { + return off; + } - pivot = p + qstable[(unsigned char)p[slen - 1]]; - if (pivot > pend || pivot < p /* overflowed */) { return -1; } + pivot = p + qstable[(unsigned char)p[slen - 1]]; + if (pivot > pend || pivot < p /* overflowed */) { return -1; } - do { - p += utf8len(p, pend); - off ++; - } while (p < pivot); - } + do { + p += utf8len(p, pend); + off ++; + } while (p < pivot); } return -1; |