https://bugs.openldap.org/show_bug.cgi?id=9741
Issue ID: 9741
Summary: Meaningless out-of-bound read in ldif-filter.c
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
I just stumbled over the following compiler warning in ldif-filter.c (see [1]):
14:10:41 ldif-filter.c:209:16: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int]
14:10:41 sep = "\r\n" + 2 - line_len; /* sep = copy(line) */
14:10:41       ~~~~~~~^~~
14:10:41 ldif-filter.c:209:16: note: use array indexing to silence this warning
14:10:41 sep = "\r\n" + 2 - line_len; /* sep = copy(line) */
14:10:41              ^
14:10:41       &      [  ]
While the expression is valid pointer arithmetic, it does not make sense to me,
because it calculates some (possibly negative) offset to the literal string
"\r\n" in memory, not the address of the beginning of some line, as the comment
`sep = copy(line)` suggests. (Originally added in commit [2]).
[1] https://git.openldap.org/openldap/openldap/-/blob/master/tests/progs/ldif-filter.c#L209
[2] https://git.openldap.org/openldap/openldap/-/commit/725743abdb
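
Added example, not part of the original report or of the OpenLDAP source: a bounds-checked equivalent of the flagged expression, written with the array indexing the compiler note suggests, showing which values of line_len keep the pointer inside the 3-byte literal. How line_len is computed is not shown in the report, so the helper name crlf_tail and the sample lengths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The array behind the literal "\r\n": '\r', '\n', '\0' (3 bytes). */
static const char CRLF[] = "\r\n";

/*
 * Hypothetical helper: bounds-checked form of `"\r\n" + 2 - line_len`.
 * Returns the last line_len characters of "\r\n":
 *   0 -> ""   1 -> "\n"   2 -> "\r\n"
 * Any other value yields a pointer that cannot be validly read
 * (before the array, or past its terminating NUL), so NULL is returned.
 */
static const char *crlf_tail(ptrdiff_t line_len)
{
    const ptrdiff_t max = (ptrdiff_t)sizeof CRLF - 1;   /* 2 */

    if (line_len < 0 || line_len > max)
        return NULL;
    /* Array indexing, the form the compiler note suggests. */
    return &CRLF[max - line_len];
}

int main(void)
{
    /* Constructed sample lengths, including two that are out of range. */
    const ptrdiff_t samples[] = { 0, 1, 2, 3, -1 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *sep = crlf_tail(samples[i]);
        if (sep == NULL)
            printf("line_len=%td: rejected, offset leaves the literal\n", samples[i]);
        else
            printf("line_len=%td: separator of %zu byte(s)\n", samples[i], strlen(sep));
    }
    return 0;
}
```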