[asterisk-commits] jpeeler: branch 1.6.2 r293158 - /branches/1.6.2/funcs/func_strings.c

[SVN commits to the Asterisk project]

Author: jpeeler
Date: Thu Oct 28 11:09:40 2010
New Revision: 293158

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=293158
Log:
Fix infinite loop in FILTER(). 

Specifically when you're using characters above \x7f or invalid character
escapes (e.g. \xgg).

(closes issue #18060)
Reported by: wdoekes
Patches: 
      issue18060_func_strings_filter_infinite_loop.patch uploaded by wdoekes (license 717)
Tested by: wdoekes

Modified:
    branches/1.6.2/funcs/func_strings.c

Modified: branches/1.6.2/funcs/func_strings.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.6.2/funcs/func_strings.c?view=diff&rev=293158&r1=293157&r2=293158
==============================================================================
--- branches/1.6.2/funcs/func_strings.c (original)
+++ branches/1.6.2/funcs/func_strings.c Thu Oct 28 11:09:40 2010
@@ -459,10 +459,10 @@
 
 		if (*(args.allowed) == '-') {
 			if (ast_get_encoded_char(args.allowed + 1, &c2, &consumed))
-				c2 = -1;
+				c2 = c1;
 			args.allowed += consumed + 1;
 
-			if ((c2 < c1 || c2 == -1) && !ast_opt_dont_warn) {
+			if ((unsigned char) c2 < (unsigned char) c1 && !ast_opt_dont_warn) {
 				ast_log(LOG_WARNING, "Range wrapping in FILTER(%s,%s).  This may not be what you want.\n", parse, args.string);
 			}
 
@@ -470,7 +470,7 @@
 			 * Looks a little strange, until you realize that we can overflow
 			 * the size of a char.
 			 */
-			for (ac = c1; ac != c2; ac++) {
+			for (ac = (unsigned char) c1; ac != (unsigned char) c2; ac++) {
 				bitfield[ac / 32] |= 1 << (ac % 32);
 			}
 			bitfield[ac / 32] |= 1 << (ac % 32);