diff options
author | Vincent Sanders <vince@kyllikki.org> | 2015-07-04 09:36:46 +0100 |
---|---|---|
committer | Vincent Sanders <vince@kyllikki.org> | 2015-07-04 09:36:46 +0100 |
commit | ccac30117601f6773c65a07a9f34aab76dbe6fc0 (patch) | |
tree | c11d35581c87ea43be4717b024fca0386e36b21c /atari/plot/plot.h | |
parent | 123c8bc8b3d621d0e259ae9ce99ebe753036ac0b (diff) | |
download | netsurf-ccac30117601f6773c65a07a9f34aab76dbe6fc0.tar.gz netsurf-ccac30117601f6773c65a07a9f34aab76dbe6fc0.tar.bz2 |
Fix a signed comparison error in nsurl parsing.
In utils/nsurl.c the function nsurl__create_from_section() has a
section dealing with non-redundant ports (starting line 973).
lwc_intern_string() was being called with negative lengths and as it
takes a size_t (unsigned) so is getting passed a very large length
which causes a segfault.
this is supposed to be protected by the flag setting on line 969
however the arithmetic is all *unsigned* so the condition never
matches
(gdb) p length - (colon - pegs->at + skip)
$9 = 18446744073709551608
changing the check arithmetic to be a simple comparison against length
prevents this issue and reduces the amount of computation required.
Diffstat (limited to 'atari/plot/plot.h')
0 files changed, 0 insertions, 0 deletions