"Todd C. Miller" <[email protected]> writes:
> This adds some missing length checks and fixes the crash.
> It may just be hiding the source of the actual bug, however.
I confirm, it does fix the crash.
Thanks.
> - todd
>
> Index: usr.bin/locate/locate/fastfind.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/locate/locate/fastfind.c,v
> retrieving revision 1.13
> diff -u -p -u -r1.13 fastfind.c
> --- usr.bin/locate/locate/fastfind.c 23 Oct 2015 07:57:03 -0000 1.13
> +++ usr.bin/locate/locate/fastfind.c 8 Dec 2017 15:57:22 -0000
> @@ -184,7 +184,7 @@ fastfind_mmap
> p = path + count;
> foundchar = p - 1;
>
> - for (;;) {
> + for (; len > 0; ) {
> c = (u_char)*paddr++;
> len--;
> /*
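Review bot: The new `len > 0` condition in the `for` header only guards the first `*paddr++` of each iteration, so any further read from `paddr` inside the body needs its own check. If `len` is an unsigned type (its declaration is outside this hunk), an unchecked `len--` elsewhere in the body would wrap and keep `len > 0` true. It is also worth confirming that the code after the loop copes with leaving through the condition partway through an entry, since the old `for (;;)` could only be left from inside the body. As a style point, `while (len > 0)` reads more clearly than `for (; len > 0; )`.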
> @@ -197,7 +197,7 @@ fastfind_mmap
> */
> if (c < PARITY) {
> if (c <= UMLAUT) {
> - if (c == UMLAUT) {
> + if (c == UMLAUT && len > 0) {
> c = (u_char)*paddr++;
> len--;
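Review bot: In `if (c == UMLAUT && len > 0)`, when the escape byte is the last byte of the buffer the block is skipped and `c` keeps the value `UMLAUT`, so the code that follows handles the escape marker as if it were the character itself. A truncated escape points to a malformed database, so it would be safer to test `len` separately inside the `c == UMLAUT` branch and stop processing (break out or report an error) instead of continuing silently. That would also make the underlying problem mentioned in the message visible rather than hiding it.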