[Asterisk-Dev] possible bug in pbx.c::substring() ?
Luigi Rizzo
rizzo at icir.org
Mon Jan 16 05:20:28 MST 2006
look at the following piece of code in pbx.c::substring() that
deals with incorrect arguments.
offset = -N means take the substring starting N positions from the end.
In this case (which the test correctly identifies, the max length is -offset);
however in the body the max length is incorrectly set to strlen(ret)+offset,
while it should be -offset
/* Detect too-long length */
if ((offset < 0 && length > -offset) || (offset >= 0 && offset+length > strlen(ret))) {
if (offset >= 0)
length = strlen(ret)-offset;
else
length = strlen(ret)+offset; /* XXX should be length = -offset */
}
right ?
cheers
luigi
More information about the asterisk-dev
mailing list