mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
scan-build: memarea_strndup() undefined behavior
The memarea_strndup() function would have hit undefined behavior by creating an 'end' pointer off the end of a string if it had ever been given an 'n' argument bigger than the length of the memory area that it's scanning. Fortunately, we never did that except in the unit tests. But it's not a safe behavior to leave lying around.
parent
685d450ab3
commit
3b1f7f75a7
@ -291,14 +291,11 @@ memarea_strdup(memarea_t *area, const char *s)
|
||||
char *
|
||||
memarea_strndup(memarea_t *area, const char *s, size_t n)
|
||||
{
|
||||
size_t ln;
|
||||
size_t ln = 0;
|
||||
char *result;
|
||||
const char *cp, *end = s+n;
|
||||
tor_assert(n < SIZE_T_CEILING);
|
||||
for (cp = s; cp < end && *cp; ++cp)
|
||||
for (ln = 0; ln < n && s[ln]; ++ln)
|
||||
;
|
||||
/* cp now points to s+n, or to the 0 in the string. */
|
||||
ln = cp-s;
|
||||
result = memarea_alloc(area, ln+1);
|
||||
memcpy(result, s, ln);
|
||||
result[ln]='\0';
|
||||
|
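Review bot: The rewritten scan loop `for (ln = 0; ln < n && s[ln]; ++ln)` no longer carries a comment stating its postcondition, and nothing in the new code records why indexing replaced the `end` pointer. I would add `/* ln is now the smaller of n and strlen(s); indexing avoids forming s+n, which may lie outside the object. */` after the empty loop body, so that a later cleanup does not reintroduce the pointer form. The `= 0` on the declaration of `ln` duplicates the loop's own initialisation; if it is there only to quiet the analyzer, a short comment should say so, otherwise one of the two can go. The function's header comment and its `return` lie outside this hunk, so whether the contract for an `n` larger than the string is documented there cannot be checked from here.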