This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7f287adcd0b7c09d9c212ecc38190fd0d393c0bc commit 7f287adcd0b7c09d9c212ecc38190fd0d393c0bc Author: Guillem Jover <guil...@debian.org> AuthorDate: Sun May 19 14:12:58 2024 +0200 libdpkg: Compute string slice for varbuf_has_suffix() check on good values We should not compute the slice with «used» members values that we know will produce a wrong pointer, even if we do not end up using it, as that can trip static analyzers. Changelog: silent --- lib/dpkg/varbuf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/dpkg/varbuf.c b/lib/dpkg/varbuf.c index 3fbc10344..02653e2f4 100644 --- a/lib/dpkg/varbuf.c +++ b/lib/dpkg/varbuf.c @@ -188,11 +188,13 @@ varbuf_has_prefix(struct varbuf *v, struct varbuf *prefix) bool varbuf_has_suffix(struct varbuf *v, struct varbuf *suffix) { - const char *slice = v->buf + v->used - suffix->used; + const char *slice; if (suffix->used > v->used) return false; + slice = v->buf + v->used - suffix->used; + return strcmp(slice, suffix->buf) == 0; } -- Dpkg.Org's dpkg
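Review bot: the unchanged `return strcmp(slice, suffix->buf) == 0;` at the end of varbuf_has_suffix() still relies on both `v->buf` and `suffix->buf` being NUL-terminated exactly at `used`, and on neither being NULL when `used` is 0. The `suffix->used > v->used` guard lets the case where both are 0 through, and whether `buf` can be NULL there is not visible in this hunk. Since both lengths are already known at this point, consider returning true early when `suffix->used == 0` and then comparing with `memcmp(slice, suffix->buf, suffix->used) == 0`, or state in a comment that callers must pass terminated, non-NULL buffers. A one-line comment above the guard saying that the slice must only be computed after the length check would also keep a later cleanup from merging the declaration and assignment back together.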