This adds some missing length checks and fixes the crash.
It may just be hiding the source of the actual bug, however.
- todd
Index: usr.bin/locate/locate/fastfind.c
===================================================================
RCS file: /cvs/src/usr.bin/locate/locate/fastfind.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 fastfind.c
--- usr.bin/locate/locate/fastfind.c 23 Oct 2015 07:57:03 -0000 1.13
+++ usr.bin/locate/locate/fastfind.c 8 Dec 2017 15:57:22 -0000
@@ -184,7 +184,7 @@ fastfind_mmap
p = path + count;
foundchar = p - 1;
- for (;;) {
+ for (; len > 0; ) {
c = (u_char)*paddr++;
len--;
/*
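Review bot: The new `len > 0` guard bounds the reads through `paddr`, but `p = path + count;` at the top of this hunk still uses `count` unchecked, and `count` is presumably decoded from the same database bytes (that code is outside the hunk, as is the rest of the loop body). If nothing range-checks it earlier, a damaged database can still place `p` outside `path`, and `foundchar = p - 1` already points before the buffer when `count` is 0. I would validate it before the assignment, for example `if (count < 0 || (size_t)count >= sizeof(path)) errx(1, "corrupted database");`, assuming `path` is an array in this scope and `errx` is the file's error convention. As a matter of style, the loop header reads more plainly as `while (len > 0) {`.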
@@ -197,7 +197,7 @@ fastfind_mmap
*/
if (c < PARITY) {
if (c <= UMLAUT) {
- if (c == UMLAUT) {
+ if (c == UMLAUT && len > 0) {
c = (u_char)*paddr++;
len--;