[Asterisk-code-review] func strings: negative array index can cause corruption on s... (asterisk[13])
Corey Farrell
asteriskteam at digium.com
Sun Nov 18 12:21:20 CST 2018
Corey Farrell has posted comments on this change. ( https://gerrit.asterisk.org/10664 )
Change subject: func_strings: negative array index can cause corruption on some architectures
......................................................................
Patch Set 2: Code-Review-1
(2 comments)
I'll remove the -1 if I'm wrong, just want to make sure the comments are not missed.
https://gerrit.asterisk.org/#/c/10664/2/funcs/func_strings.c
File funcs/func_strings.c:
https://gerrit.asterisk.org/#/c/10664/2/funcs/func_strings.c@1113
PS2, Line 1113: buf[strlen(buf) - 1] = ',';
Is it impossible for strlen(buf)==0 here? What if a variable exists which matches the prefix only (nothing follows)? I know this is completely off-nominal, but this should defend against variables that were not created by the hash function.
Maybe should check that ast_var_name(newvar) is longer than prefix and ends with '~' before writing to buf in the first place?
https://gerrit.asterisk.org/#/c/10664/2/funcs/func_strings.c@1144
PS2, Line 1144: tmp[ast_str_strlen(*buf) - 1] = ',';
Same here.
--
To view, visit https://gerrit.asterisk.org/10664
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: comment
Gerrit-Change-Id: I6e57fe7307dfd856271753aed5ba64c59b511487
Gerrit-Change-Number: 10664
Gerrit-PatchSet: 2
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Corey Farrell <git at cfware.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2 (1000185)
Gerrit-Comment-Date: Sun, 18 Nov 2018 18:21:20 +0000
Gerrit-HasComments: Yes
Gerrit-HasLabels: Yes
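
The guard the two comments above ask for, sketched as an added example; it is not part of the original message and is not Asterisk's code. The function names `append_key` and `list_keys`, the prefix string and the sample variable names are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Asterisk's code: append the part of `name` that
 * follows `prefix` to `buf`, turning its trailing '~' into ','.
 * Returns 1 if a key was appended, 0 if the name was skipped. */
static int append_key(char *buf, size_t buflen, const char *name, const char *prefix)
{
    size_t plen = strlen(prefix), nlen = strlen(name), used = strlen(buf), klen;

    if (strncmp(name, prefix, plen) != 0)
        return 0;                      /* prefix does not match */
    /* The check suggested in the review: longer than the prefix, ends in '~'. */
    if (nlen <= plen || name[nlen - 1] != '~')
        return 0;
    klen = nlen - plen;                /* >= 1 because of the check above */
    if (klen >= buflen - used)
        return 0;                      /* would not fit together with the NUL */
    memcpy(buf + used, name + plen, klen);
    used += klen;
    buf[used] = '\0';
    buf[used - 1] = ',';               /* used >= 1 here, so the index cannot wrap */
    return 1;
}

/* Build "k1,k2,..." in buf from the matching names; returns the key count. */
static int list_keys(char *buf, size_t buflen, const char *const *names, size_t n, const char *prefix)
{
    int count = 0;
    size_t i, len;

    if (buflen == 0)
        return 0;
    buf[0] = '\0';
    for (i = 0; i < n; i++)
        count += append_key(buf, buflen, names[i], prefix);
    len = strlen(buf);
    if (len > 0)                       /* never index buf[len - 1] when len == 0 */
        buf[len - 1] = '\0';           /* drop the final comma */
    return count;
}

int main(void)
{
    /* Constructed sample names; the second one matches the prefix only. */
    const char *names[] = { "~HASH~h~a~", "~HASH~h~", "~HASH~h~stray", "~HASH~h~bc~" };
    char buf[32];
    printf("%d keys: %s\n", list_keys(buf, sizeof(buf), names, 4, "~HASH~h~"), buf);
}
```

Without the length checks, `strlen(buf) - 1` on an empty buffer wraps to `SIZE_MAX` (the arithmetic is unsigned), and the store lands outside the array.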