Prevent buffer overflow in os::String::rfindSep().
authorJosé Fonseca <jose.r.fonseca@gmail.com>
Fri, 2 Mar 2012 11:11:58 +0000 (11:11 +0000)
committerJosé Fonseca <jose.r.fonseca@gmail.com>
Thu, 8 Mar 2012 09:20:03 +0000 (10:20 +0100)
common/os_string.hpp

index 29ae5cf12bd1e37f5edb71f4ad70be5b97533bea..a277707753e9d10a58c417d128b469c6fcf3a16a 100644 (file)
@@ -93,12 +93,19 @@ protected:
 
     Buffer::iterator rfind(char c) {
         Buffer::iterator it = buffer.end();
+
+        // Skip trailing '\0'
+        assert(it != buffer.begin());
+        --it;
+        assert(*it == '\0');
+
         while (it != buffer.begin()) {
             --it;
             if (*it == c) {
                 return it;
             }
         }
+
         return buffer.end();
     }
 
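Review bot: The new guard in rfind() (and the identical one added to rfindSep() in the next hunk) is enforced only by `assert`, which compiles out under NDEBUG, so in a release build an empty buffer would still reach `--it` on `buffer.begin()`, which is undefined behaviour. If the trailing-NUL invariant can ever be violated (the code that fills `buffer` is not visible here), a runtime check such as `if (buffer.empty()) return buffer.end();` ahead of the decrement would keep the fix effective in every build type, assuming Buffer is a standard container. The hunk also depends on `<cassert>` being included, which cannot be confirmed from these lines.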
@@ -126,17 +133,30 @@ protected:
     Buffer::iterator rfindSep(void) {
         Buffer::iterator it = buffer.end();
 
+        // Skip trailing '\0'
+        assert(it != buffer.begin());
+        --it;
+        assert(*it == '\0');
+
         // Skip trailing separators
-        while (it != buffer.begin() && isSep(*it)) {
+        while (it != buffer.begin()) {
             --it;
+            if (isSep(*it)) {
+                // Halt if find the root
+                if (it == buffer.begin()) {
+                    return it;
+                }
+            } else {
+                break;
+            }
         }
 
         // Advance to the last separator
         while (it != buffer.begin()) {
+            --it;
             if (isSep(*it)) {
                 return it;
             }
-            --it;
         }
 
         return buffer.end();
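Review bot: rfindSep() now has three distinct results and nothing at the function states them: the separator preceding the last component, `buffer.begin()` when the string consists only of separators, and `buffer.end()` when no separator is found. Callers that split or truncate at the returned iterator need to tell the root case from an ordinary separator, so a header comment would help, e.g. `// Returns the last separator before the final component; begin() if the path is only separators (root); end() if there is none.` The inline comment would also read better as `// Halt if we reach the root`. The function's closing brace lies outside the hunk.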