[Asterisk-Dev] possible bug in pbx.c::substring() ?

Luigi Rizzo rizzo at icir.org
Mon Jan 16 05:20:28 MST 2006


look at the following piece of code in pbx.c::substring() that
deals with incorrect arguments.

offset = -N means take the substring starting N positions from the end.
In this case (which the test correctly identifies), the max length is -offset;
however, in the body the max length is incorrectly set to strlen(ret)+offset,
while it should be -offset.

        /* Detect too-long length */
        if ((offset < 0 && length > -offset) || (offset >= 0 && offset+length > strlen(ret))) {
                if (offset >= 0)
                        length = strlen(ret)-offset;
                else
                        length = strlen(ret)+offset; /* XXX should be length = -offset */
        }
 

right ?

cheers
luigi
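
The clamp discussed above, reproduced as an added example (not part of the original message and not Asterisk's own code) to show what each branch yields for a negative offset. The names clamp_length and overrun are hypothetical, and the model assumes the substring starts at strlen(ret)+offset, as the message describes, with -offset no larger than strlen(ret).

```c
#include <stdio.h>
#include <string.h>

/* Clamp from the message. fixed == 0 keeps the posted negative-offset
 * branch (strlen(ret)+offset); fixed != 0 uses the proposed -offset.
 * strlen() is cast to int so the comparisons stay signed. */
static int clamp_length(const char *ret, int offset, int length, int fixed)
{
    int len = (int)strlen(ret);

    /* Detect too-long length */
    if ((offset < 0 && length > -offset) || (offset >= 0 && offset + length > len)) {
        if (offset >= 0)
            length = len - offset;
        else
            length = fixed ? -offset : len + offset;
    }
    return length;
}

/* Number of characters by which start+length runs past the end of ret
 * (0 means in bounds). Assumption: a negative offset starts the
 * substring at strlen(ret)+offset, and -offset <= strlen(ret). */
static int overrun(const char *ret, int offset, int length)
{
    int len = (int)strlen(ret);
    int start = offset < 0 ? len + offset : offset;
    int end = start + length;

    return end > len ? end - len : 0;
}

int main(void)
{
    /* Constructed inputs: offset -3, requested length 5. */
    const char *samples[] = { "0123456789", "0123" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int posted = clamp_length(samples[i], -3, 5, 0);
        int fixed = clamp_length(samples[i], -3, 5, 1);
        printf("%-10s posted=%d (overrun %d) proposed=%d (overrun %d)\n",
               samples[i], posted, overrun(samples[i], -3, posted),
               fixed, overrun(samples[i], -3, fixed));
    }
    return 0;
}
```

With the posted branch the result depends on the string length rather than on the offset: it is too long when strlen(ret) exceeds 2N and too short when it is below 2N.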


