author | Dirk Hohndel <dirk@hohndel.org> | 2012-12-07 20:02:14 -0800 |
---|---|---|
committer | Dirk Hohndel <dirk@hohndel.org> | 2012-12-07 20:02:14 -0800 |
commit | dad93c425ed74cf770db4212bffae0eeb363bcf3 (patch) | |
tree | 65384a948305bbefe851ca9cb4ba7242fb5636f8 | |
parent | 0fcdd011f5e26d637dbddc826206f4a4be820058 (diff) | |
download | subsurface-dad93c425ed74cf770db4212bffae0eeb363bcf3.tar.gz |
Fix potential uninitialized read
When analyzing the buffer that is handed to the first_object_id function
we carefully check to make sure that we don't read past the end of the
input buffer but there was still one code path that could have us do just
that.
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r-- | uemis-downloader.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/uemis-downloader.c b/uemis-downloader.c index 722b4ea08..ec146afee 100644 --- a/uemis-downloader.c +++ b/uemis-downloader.c @@ -327,7 +327,7 @@ static char *first_object_id_val(char* buf) return NULL; bufend = buf + strlen(buf); object = strstr(buf, "object_id"); - if (object) { + if (object && object + 14 < bufend) { /* get the value */ char tmp[10]; char *p = object + 14; |
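Review bot: The new condition `object + 14 < bufend` forms the pointer `object + 14` before it is known to lie inside the buffer; when `strstr` matches within the last few bytes of the string, that pointer can already be past the end of the allocation, which C leaves undefined even though nothing is dereferenced. Comparing the remaining length instead, `bufend - object > 14`, expresses the same bound without that out-of-range pointer. The literal 14 also now appears twice, here and in `char *p = object + 14;`, with no indication of how it relates to the 9-character "object_id" key; a named constant or a one-line comment on the expected layout would keep the two in sync. Separately, the subject line says "uninitialized read" while the message body describes reading past the end of the input buffer; it would help to use one term for the defect.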