On Wed, Oct 14, 2020 at 07:02:09PM +0100, Dr. David Alan Gilbert (git) wrote:
> +static XattrMapEntry *parse_xattrmap_map(const char *rule,
> +                                         XattrMapEntry *map,
> +                                         size_t *nentries)
> +{
> +    char sep = *rule++;
> +    const char *tmp;
> +    char *key;
> +    char *prefix;
> +    XattrMapEntry tmp_entry;
> +
> +    /* At start of 'key' field */
> +    tmp = strchr(rule, sep);
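
Review bot: `char sep = *rule++;` advances rule before sep has been looked at, so for an empty rule the `strchr(rule, sep)` call on the last line of this hunk already starts scanning one byte past the terminator. Test `sep == '\0'` and return an error before the increment, so that strchr is never reached with a NUL separator.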

Missing sep == '\0' check. The strchr(3) man page says:

  The terminating null byte is considered part of the string, so that if
  c is specified as '\0', these functions return a pointer to the
  terminator.

So the code in this patch will eventually access beyond the end of the
string:

  rule = tmp + 1; <-- tmp is already at the NUL terminator

Attachment: signature.asc
Description: PGP signature
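
The separator check discussed above, as an added example that is not part of the original message or of the QEMU patch. The two-field rule layout and the names next_field and parse_rule are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy the field ending at the next 'sep' into out and step past that sep.
 * Returns 0, or -1 if the separator is missing or the field does not fit. */
static int next_field(const char **cursor, char sep, char *out, size_t outlen)
{
    const char *end = strchr(*cursor, sep);
    size_t len;

    if (!end) {
        return -1;              /* unterminated field */
    }
    len = (size_t)(end - *cursor);
    if (len >= outlen) {
        return -1;              /* would overflow the caller's buffer */
    }
    memcpy(out, *cursor, len);
    out[len] = '\0';
    *cursor = end + 1;          /* in bounds: sep != '\0', so end is not the NUL */
    return 0;
}

/* Parse a constructed two-field rule "<sep>key<sep>prefix<sep>" (hypothetical
 * format); the first byte chooses the separator, as in the quoted patch. */
int parse_rule(const char *rule, char *key, size_t keylen,
               char *prefix, size_t prefixlen)
{
    char sep = *rule;

    if (sep == '\0') {
        return -1;              /* empty rule: strchr() would match the NUL */
    }
    rule++;                     /* step only past a real separator byte */
    if (next_field(&rule, sep, key, keylen) < 0 ||
        next_field(&rule, sep, prefix, prefixlen) < 0) {
        return -1;
    }
    return *rule == '\0' ? 0 : -1;  /* reject trailing bytes */
}

int main(void)
{
    char key[32] = "", prefix[32] = "";
    int rc = parse_rule(":user.:trusted.:", key, sizeof(key), prefix, sizeof(prefix));

    printf("rc=%d key=%s prefix=%s\n", rc, key, prefix);
    return rc ? 1 : 0;
}
```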
