On Wed, May 05, 2021 at 09:34:15PM +0000, Guilherme Janczak wrote: > The expression "s + strlen(s) - 1" can create a pointer to one before > *s if strlen(s) is 0. > > --- > util.c | 14 +++++++++----- > 1 file changed, 9 insertions(+), 5 deletions(-) > > diff --git a/util.c b/util.c > index bdba718..c97f491 100644 > --- a/util.c > +++ b/util.c > @@ -59,9 +59,13 @@ skip(char *s, char c) { > static void > trim(char *s) { > char *e; > - > - e = s + strlen(s) - 1; > - while(isspace(*e) && e > s)
Hi, Thanks for the patch. It seems indeed to read out-of-bounds 1 byte before the buffer if the input is empty. I think if the condition is reversed then it is fine: > - while(isspace(*e) && e > s) to: > - while(e > s && isspace(*e)) I'll apply this and a few small changes tomorrow. > - e--; > - *(e + 1) = '\0'; > + > + e = s + strlen(s); > + while (e > s) { > + if (!isspace(*--e)) { > + e++; > + *e = '\0'; > + break; > + } > + } > } > -- > 2.31.1 > > -- Kind regards, Hiltjo
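Review bot: the rewritten loop in trim() never terminates an all-whitespace string, because `*e = '\0'` is only reached when a non-space byte is found; with input made up solely of spaces, `*--e` is whitespace on every iteration, the loop runs down to `e == s` and exits without storing anything, so the string comes back unchanged (the old code, even with the condition reversed as suggested, would at least have left a single character). The hunk also keeps passing a plain `char` to isspace(), whose behaviour is undefined for negative values where char is signed. Both points, and the empty-string case that motivated the patch, are covered by walking back over the whitespace and terminating unconditionally afterwards: `e = s + strlen(s); while (e > s && isspace((unsigned char)e[-1])) e--; *e = '\0';`. Note that the original `s + strlen(s) - 1` on an empty string already forms a pointer before the array, which is undefined in C regardless of whether it is dereferenced, so reordering the `while` condition alone does not remove the defect.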