Package: apt
Version: 0.5.4
Tags: patch
The attached patch fixes two reads past buffer (by one byte) in
pkgTagSection::Scan(). They are caused simply by having the repeat
conditions in for loops in a wrong order.
Sami
diff -NurB apt-0.5.4-orig/apt-pkg/tagfile.cc apt-0.5.4/apt-pkg/tagfile.cc
--- apt-0.5.4-orig/apt-pkg/tagfile.cc 2003-02-02 03:18:06.000000000 +0200
+++ apt-0.5.4/apt-pkg/tagfile.cc 2003-02-02 03:19:49.000000000 +0200
@@ -211,13 +211,13 @@
if (Stop == 0)
return false;
- for (; Stop[1] == '\r' && Stop+1 < End; Stop++);
+ for (; Stop+1 < End && Stop[1] == '\r'; Stop++);
// Double newline marks the end of the record
if (Stop+1 < End && Stop[1] == '\n')
{
Indexes[TagCount] = Stop - Section;
- for (; (Stop[0] == '\n' || Stop[0] == '\r') && Stop < End; Stop++);
+ for (; Stop < End && (Stop[0] == '\n' || Stop[0] == '\r'); Stop++);
return true;
}
