discomfitor pushed a commit to branch master. http://git.enlightenment.org/core/enlightenment.git/commit/?id=3c5cc9c0a0ee532b32dda6faff57d8ccbf41982e
commit 3c5cc9c0a0ee532b32dda6faff57d8ccbf41982e
Author: Mike Blumenkrantz <[email protected]>
Date: Wed Jul 30 11:57:32 2014 -0400
fix a series of oob reads in evry search matching
---
 src/modules/everything/evry_util.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/modules/everything/evry_util.c b/src/modules/everything/evry_util.c
index d973198..07d072d 100644
--- a/src/modules/everything/evry_util.c
+++ b/src/modules/everything/evry_util.c
@@ -68,6 +68,7 @@ evry_fuzzy_match(const char *str, const char *match)
 unsigned int m_cnt = 0;
 unsigned int m_min[MAX_WORDS];
 unsigned int m_len = 0;
+ unsigned int s_len = 0;
 if (!match || !str || !match[0] || !str[0]) return 0;
@@ -87,6 +88,7 @@ evry_fuzzy_match(const char *str, const char *match)
 if (ip && ispunct(*m)) ip = 0;
 m_len = strlen(match);
+ s_len = strlen(str);
 /* with less than 3 chars match must be a prefix */
 if (m_len < 3) m_len = 0;
@@ -180,7 +182,7 @@ evry_fuzzy_match(const char *str, const char *match)
 {
 ii = 0;
 /* go to next match */
- for (; (*m != 0) && !isspace(*m); m += ii)
+ for (; (m[0] && m[ii]) && !isspace(*m); m += ii)
 if (!eina_unicode_utf8_next_get(m, &ii)) break;
 }
@@ -188,7 +190,7 @@ evry_fuzzy_match(const char *str, const char *match)
 {
 ii = 0;
 /* test next match */
- for (; (*m != 0) && isspace(*m); m += ii)
+ for (; (m[0] && m[ii]) && !isspace(*m); m += ii)
 if (!eina_unicode_utf8_next_get(m, &ii)) break;
 m_cnt++;
 break;
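Review bot: The new guard `m[ii]` in the "go to next match" loop reads the byte `ii` past `m` before anything establishes that the terminator is not closer than that: `ii` is zeroed only before the loop and is then updated by `eina_unicode_utf8_next_get(m, &ii)`, so on every iteration after the first it still holds the previous step's offset, and once `m` sits on the last character the guard itself reads past the NUL whenever `ii` is greater than 1 (after any multibyte character, or once the offset has grown) — the kind of read the commit is trying to remove. If `eina_unicode_utf8_next_get` decodes at `m[ii]` and advances `ii` as an in/out offset, as the `s_len - (p - str) >= ii` test in the `@@ -197,10` hunk suggests, the underlying problem is that `ii` is never reset per iteration, so `m += ii` advances by a cumulative offset and skips characters; resetting it makes `*m` a sufficient end test: `for (; *m && !isspace((unsigned char)*m); m += ii, ii = 0)`. The same pattern is in the "test next match" loop of the `@@ -188,7` hunk and in both loops of the `@@ -197,10` hunk. The `(unsigned char)` cast matters because these loops walk UTF-8 bytes, and passing a negative `char` to `isspace`/`ispunct` is undefined. `evry_fuzzy_match` starts and ends outside the hunk.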
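Review bot: The whitespace test in the "test next match" loop is inverted by this hunk: the removed line skipped spaces (`isspace(*m)`) while the new line skips non-spaces (`!isspace(*m)`), which makes it a duplicate of the "go to next match" loop in the `@@ -180,7` hunk above. The commit message only mentions out-of-bounds reads, so this looks like a copy-paste slip rather than an intended change; presumably it leaves `m` on the separating whitespace instead of past it when `m_cnt++` runs. Keep the original sense: `+ for (; (m[0] && m[ii]) && isspace(*m); m += ii)`. `evry_fuzzy_match` starts and ends outside the hunk.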
@@ -197,10 +199,10 @@ evry_fuzzy_match(const char *str, const char *match)
 {
 ii = 0;
 /* go to next word */
- for (; (*p != 0) && !((isspace(*p) || (ip && ispunct(*p)))); p += ii)
+ for (; (p[0] && (s_len - (p - str) >= ii)) && !((isspace(*p) || (ip && ispunct(*p)))); p += ii)
 if (!eina_unicode_utf8_next_get(p, &ii)) break;
 ii = 0;
- for (; (*p != 0) && ((isspace(*p) || (ip && ispunct(*p)))); p += ii)
+ for (; (p[0] && (s_len - (p - str) >= ii)) && ((isspace(*p) || (ip && ispunct(*p)))); p += ii)
 if (!eina_unicode_utf8_next_get(p, &ii)) break;
 cnt++;
 next = p;
--
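Review bot: In both loops of this hunk `p[0]` is dereferenced before the new `s_len - (p - str) >= ii` test is consulted, and that test mixes an `unsigned int` with a `ptrdiff_t`: on targets where `ptrdiff_t` is `int` the subtraction is performed unsigned, so a position past the end wraps to a large value and satisfies `>= ii`, while on every target the read of `p[0]` has already happened before the bound can reject it. Compare the offset explicitly and first, e.g. `for (; ((size_t)(p - str) + ii <= s_len) && p[0] && !((isspace((unsigned char)*p) || (ip && ispunct((unsigned char)*p)))); p += ii)`, with the second loop reordered the same way around its unnegated test. Note that `ii` is reset before each loop but not per iteration, so if `eina_unicode_utf8_next_get` reads at `p[ii]` and advances `ii`, `p += ii` still moves by a cumulative offset; the bound keeps the reads inside `str` but does not by itself make the "go to next word" walk stop on word boundaries. `evry_fuzzy_match` starts and ends outside the hunk.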
