Fossil SCM
Change a memcmp into a strncmp in regexp.c in order to avoid the possibility of a buffer overread with optimized memcmp implementations.
Commit
eec7c001f51f28c5ebf4a3a5beb3b4c4f6a982c6
Parent
e2b34906761dd94…
1 file changed
+1
-1
+1
-1
| --- src/regexp.c | ||
| +++ src/regexp.c | ||
| @@ -197,11 +197,11 @@ | ||
| 197 | 197 | |
| 198 | 198 | /* Look for the initial prefix match, if there is one. */ |
| 199 | 199 | if( pRe->nInit ){ |
| 200 | 200 | unsigned char x = pRe->zInit[0]; |
| 201 | 201 | while( in.i+pRe->nInit<=in.mx |
| 202 | - && (zIn[in.i]!=x || memcmp(zIn+in.i, pRe->zInit, pRe->nInit)!=0) | |
| 202 | + && (zIn[in.i]!=x || strncmp(zIn+in.i, pRe->zInit, pRe->nInit)!=0) | |
| 203 | 203 | ){ |
| 204 | 204 | in.i++; |
| 205 | 205 | } |
| 206 | 206 | if( in.i+pRe->nInit>in.mx ) return 0; |
| 207 | 207 | } |
| 208 | 208 |
| --- src/regexp.c | |
| +++ src/regexp.c | |
| @@ -197,11 +197,11 @@ | |
| 197 | |
| 198 | /* Look for the initial prefix match, if there is one. */ |
| 199 | if( pRe->nInit ){ |
| 200 | unsigned char x = pRe->zInit[0]; |
| 201 | while( in.i+pRe->nInit<=in.mx |
| 202 | && (zIn[in.i]!=x || memcmp(zIn+in.i, pRe->zInit, pRe->nInit)!=0) |
| 203 | ){ |
| 204 | in.i++; |
| 205 | } |
| 206 | if( in.i+pRe->nInit>in.mx ) return 0; |
| 207 | } |
| 208 |
| --- src/regexp.c | |
| +++ src/regexp.c | |
| @@ -197,11 +197,11 @@ | |
| 197 | |
| 198 | /* Look for the initial prefix match, if there is one. */ |
| 199 | if( pRe->nInit ){ |
| 200 | unsigned char x = pRe->zInit[0]; |
| 201 | while( in.i+pRe->nInit<=in.mx |
| 202 | && (zIn[in.i]!=x || strncmp(zIn+in.i, pRe->zInit, pRe->nInit)!=0) |
| 203 | ){ |
| 204 | in.i++; |
| 205 | } |
| 206 | if( in.i+pRe->nInit>in.mx ) return 0; |
| 207 | } |
| 208 |