]>
sourceware.org Git - newlib-cygwin.git/commit
string: Fix buffer overrun in picolibc/newlib/libc/string/strrchr.c (#184)
Reported by prodisDown:
In picolibc/newlib/libc/string/strrchr.c
if (i) { while ((s=strchr(s, i))) { last = s; s++; } } else { last = strchr(s, i); }
Value (for example 0xFFFFFF00) in if (i) can pass test and
then be typecasted to char inside strchr(). Then s++ and then
buffer overrun.
It can be fixed by preventive typecast i = (int) (char) i; or
typecasting inside expression if ((char) i).
Fixed by casting to char.
Signed-off-by: Keith Packard <keithp@keithp.com>
This page took 0.030141 seconds and 5 git commands to generate.
git://sourceware.org / newlib-cygwin.git / commit