Derek Martin wrote:
> Likewise, mutt_substrdup() should check its arguments to make sure
> they can not produce a string of size less than 0, and abort if they
> would.
I need some more time to play with your suggestions for WSP, but this one is quick and easy enough.

-Kevin
# HG changeset patch # User Kevin McCarthy <[email protected]> # Date 1417990713 28800 # Sun Dec 07 14:18:33 2014 -0800 # Node ID e13b5c746a3548dc6108b892b4ea326347d396ff # Parent 39d3ddb56d340f66ffd0fe476003645f4cdc30bc Add parameter checking and abort to mutt_substrdup. (references #3716) diff --git a/lib.c b/lib.c --- a/lib.c +++ b/lib.c @@ -810,16 +810,25 @@ return dest; } char *mutt_substrdup (const char *begin, const char *end) { size_t len; char *p; + /* Due to repeated issues in this function, add some error checking. + * See tickets 3609 and 3716. + */ + if ( !begin || (end && (begin > end)) ) + { + mutt_error _("Error: illegal input to mutt_substrdup!"); + abort (); + } + if (end) len = end - begin; else len = strlen (begin); p = safe_malloc (len + 1); memcpy (p, begin, len); p[len] = 0;
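Review bot: In the new guard at the top of mutt_substrdup, the mutt_error text does not identify which caller passed the bad pointers, and abort () follows immediately, so a user who hits it gets a generic message and a dead process. The comment cites tickets 3609 and 3716 but does not say why aborting is the chosen response; it would help to state there that a begin > end pair must never reach the size_t subtraction, because len would wrap to a huge value before safe_malloc (len + 1) and memcpy (p, begin, len). Minor style point: the condition is written with padded parentheses, "if ( !begin ... )", while the unchanged "if (end)" just below is not.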
