diff options
author | Vincent Sanders <vince@kyllikki.org> | 2015-07-04 09:36:46 +0100 |
---|---|---|
committer | Vincent Sanders <vince@kyllikki.org> | 2015-07-04 09:36:46 +0100 |
commit | ccac30117601f6773c65a07a9f34aab76dbe6fc0 (patch) | |
tree | c11d35581c87ea43be4717b024fca0386e36b21c /utils | |
parent | 123c8bc8b3d621d0e259ae9ce99ebe753036ac0b (diff) | |
download | netsurf-ccac30117601f6773c65a07a9f34aab76dbe6fc0.tar.gz netsurf-ccac30117601f6773c65a07a9f34aab76dbe6fc0.tar.bz2 |
Fix a signed comparison error in nsurl parsing.
In utils/nsurl.c the function nsurl__create_from_section() has a
section dealing with non-redundant ports (starting line 973).
lwc_intern_string() was being called with negative lengths and as it
takes a size_t (unsigned) so is getting passed a very large length
which causes a segfault.
this is supposed to be protected by the flag setting on line 969
however the arithmetic is all *unsigned* so the condition never
matches
(gdb) p length - (colon - pegs->at + skip)
$9 = 18446744073709551608
changing the check arithmetic to be a simple comparison against length
prevents this issue and reduces the amount of computation required.
Diffstat (limited to 'utils')
-rw-r--r-- | utils/nsurl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/utils/nsurl.c b/utils/nsurl.c index e0e147229..4454ba8a1 100644 --- a/utils/nsurl.c +++ b/utils/nsurl.c @@ -963,7 +963,7 @@ static nserror nsurl__create_from_section(const char * const url_s, flags |= NSURL_F_NO_PORT; } - if (length - (colon - pegs->at + skip) <= 0) { + if (length <= (colon - pegs->at + skip)) { /* No space for a port after the colon */ flags |= NSURL_F_NO_PORT; |