[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    Re: KDE_3_2_BRANCH: kdelibs/kdecore
From:       Waldo Bastian <bastian () kde ! org>
Date:       2004-06-01 9:56:20
Message-ID: 200406011156.20541.bastian () kde ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It can still access the out of bound str[str.length()] in such case.

Cheers,
Waldo

On Tue June 1 2004 03:53, Oswald Buddenhagen wrote:
> CVS commit by ossi:
>
> don't hang on unterminated braced expandos
>
>
>   M +3 -1      kmacroexpander.cpp   1.6.6.1
>
>
> --- kdelibs/kdecore/kmacroexpander.cpp  #1.6:1.6.6.1
> @@ -402,5 +402,7 @@ KMacroMapExpander<QString,VT>::expandEsc
>      if (str[pos + 1] == '{') {
>          rpos = pos + 2;
> -        for (sl = 0; str[rpos + sl] != '}'; sl++);
> +        for (sl = 0; str[rpos + sl] != '}'; sl++)
> +            if (rpos + sl >= str.length())
> +                return 0;
>          rsl = sl + 3;
>      } else {

- -- 
bastian@kde.org  |   Novell BrainShare Europe 2004   |  bastian@suse.com
bastian@kde.org  | 12-18 September, Barcelona, Spain |  bastian@suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAvFLEN4pvrENfboIRAlhDAJ99TuYWyHWoC+UikzPCRY1e71op8ACghk+0
CMBVcI9LzeP33PVkn/I9B1s=
=2rLf
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]