lib/portableproplib: fix various oob reads/segfaults
Applies the following patches from NetBSD: http://cvsweb.netbsd.org/bsdweb.cgi/src/common/lib/libprop/prop_object.c?rev=1.30&content-type=text/x-cvsweb-markup http://cvsweb.netbsd.org/bsdweb.cgi/src/common/lib/libprop/prop_object_impl.h?rev=1.31.12.1&content-type=text/x-cvsweb-markup
parent
85f46ea295
commit
530149d90d
@ -393,10 +393,11 @@ _prop_object_internalize_find_tag(struct _prop_object_internalize_context *ctx,
|
|||||||
|
|
||||||
ctx->poic_tagname = cp;
|
ctx->poic_tagname = cp;
|
||||||
|
|
||||||
while (!_PROP_ISSPACE(*cp) && *cp != '/' && *cp != '>')
|
while (!_PROP_ISSPACE(*cp) && *cp != '/' && *cp != '>') {
|
||||||
|
if (_PROP_EOF(*cp))
|
||||||
|
return (false);
|
||||||
cp++;
|
cp++;
|
||||||
if (_PROP_EOF(*cp))
|
}
|
||||||
return (false);
|
|
||||||
|
|
||||||
ctx->poic_tagname_len = cp - ctx->poic_tagname;
|
ctx->poic_tagname_len = cp - ctx->poic_tagname;
|
||||||
|
|
||||||
@ -439,10 +440,11 @@ _prop_object_internalize_find_tag(struct _prop_object_internalize_context *ctx,
|
|||||||
|
|
||||||
ctx->poic_tagattr = cp;
|
ctx->poic_tagattr = cp;
|
||||||
|
|
||||||
while (!_PROP_ISSPACE(*cp) && *cp != '=')
|
while (!_PROP_ISSPACE(*cp) && *cp != '=') {
|
||||||
|
if (_PROP_EOF(*cp))
|
||||||
|
return (false);
|
||||||
cp++;
|
cp++;
|
||||||
if (_PROP_EOF(*cp))
|
}
|
||||||
return (false);
|
|
||||||
|
|
||||||
ctx->poic_tagattr_len = cp - ctx->poic_tagattr;
|
ctx->poic_tagattr_len = cp - ctx->poic_tagattr;
|
||||||
|
|
||||||
@ -454,10 +456,11 @@ _prop_object_internalize_find_tag(struct _prop_object_internalize_context *ctx,
|
|||||||
return (false);
|
return (false);
|
||||||
|
|
||||||
ctx->poic_tagattrval = cp;
|
ctx->poic_tagattrval = cp;
|
||||||
while (*cp != '\"')
|
while (*cp != '\"') {
|
||||||
|
if (_PROP_EOF(*cp))
|
||||||
|
return (false);
|
||||||
cp++;
|
cp++;
|
||||||
if (_PROP_EOF(*cp))
|
}
|
||||||
return (false);
|
|
||||||
ctx->poic_tagattrval_len = cp - ctx->poic_tagattrval;
|
ctx->poic_tagattrval_len = cp - ctx->poic_tagattrval;
|
||||||
|
|
||||||
cp++;
|
cp++;
|
||||||
|
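Review bot: The `_PROP_EOF(*cp)` test inside each of the three scan loops (tag name, attribute name, attribute value) is now the only thing that stops `cp` at the terminating NUL, and nothing in the code says so. Because this same commit removes NUL from `_PROP_ISSPACE()`, dropping or reordering that test later would let the scan run past the end of the buffer again. I would put a comment above the first loop, such as `/* _PROP_ISSPACE() does not match NUL; every scan must test _PROP_EOF() itself. */`. A regression test feeding input truncated in the middle of a tag name, an attribute name and a quoted attribute value would keep all three loops covered. The body of `_prop_object_internalize_find_tag` starts and ends outside these hunks, so any other scans in it are not visible here.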
@ -107,8 +107,7 @@ typedef enum {
|
|||||||
|
|
||||||
#define _PROP_EOF(c) ((c) == '\0')
|
#define _PROP_EOF(c) ((c) == '\0')
|
||||||
#define _PROP_ISSPACE(c) \
|
#define _PROP_ISSPACE(c) \
|
||||||
((c) == ' ' || (c) == '\t' || (c) == '\n' || (c) == '\r' || \
|
((c) == ' ' || (c) == '\t' || (c) == '\n' || (c) == '\r')
|
||||||
_PROP_EOF(c))
|
|
||||||
|
|
||||||
#define _PROP_TAG_MATCH(ctx, t) \
|
#define _PROP_TAG_MATCH(ctx, t) \
|
||||||
_prop_object_internalize_match((ctx)->poic_tagname, \
|
_prop_object_internalize_match((ctx)->poic_tagname, \
|
||||||
|
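Review bot: Removing `_PROP_EOF(c)` from `_PROP_ISSPACE()` changes the macro's meaning for every user, not only the three loops patched in prop_object.c. Any other `while (!_PROP_ISSPACE(*cp))` scan that relied on NUL counting as whitespace to terminate would now need its own `_PROP_EOF()` test. Those callers are not visible on this page, so it is worth grepping for them before merging. A comment on the macro, for example `/* NUL is not whitespace; callers must check _PROP_EOF() separately. */`, would record the new contract.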