RepoMirrors
/
musl
mirror of git://git.musl-libc.org/musl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

harden dcngettext plural processing 

while the __mo_lookup backend can verify that the translated message
ends with a null terminator, is has no way to know nplurals and thus
no way to verify that sufficiently many null terminators are present
in the string to satisfy all plural forms. the code in dcngettext was
already attempting to avoid reading past the end of the mo file
mapping, but failed to do so because the strlen call itself could
over-read. using strnlen instead allows us to avoid the problem.
This commit is contained in:
Rich Felker 2014-07-29 12:25:41 -04:00
parent 6e89210669
commit e4dd0ab83c
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/locale/dcngettext.c
View File

@ -229,8 +229,9 @@ notrans:
unsigned long plural = __pleval(p->plural_rule, n);
if (plural > p->nplurals) goto notrans;
while (plural--) {
size_t l = strlen(trans);
if (l+1 >= p->map_size - (trans - (char *)p->map))
size_t rem = p->map_size - (trans - (char *)p->map);
size_t l = strnlen(trans, rem);
if (l+1 >= rem)
goto notrans;
trans += l+1;
}