Bug#179531: [patch] reads past buffer in pkgTagSection::Scan()

To: submit@bugs.debian.org
Subject: Bug#179531: [patch] reads past buffer in pkgTagSection::Scan()
From: Sami Liedes <sliedes@cc.hut.fi>
Date: Mon, 3 Feb 2003 01:30:46 +0200
Message-id: <[🔎] 20030202233046.GA27794@vipunen.hut.fi>
Reply-to: Sami Liedes <sliedes@cc.hut.fi>, 179531@bugs.debian.org

Package: apt
Version: 0.5.4
Tags: patch

The attached patch fixes two reads past buffer (by one byte) in
pkgTagSection::Scan(). They are caused simply by having the repeat
conditions in for loops in a wrong order.

	Sami


diff -NurB apt-0.5.4-orig/apt-pkg/tagfile.cc apt-0.5.4/apt-pkg/tagfile.cc
--- apt-0.5.4-orig/apt-pkg/tagfile.cc	2003-02-02 03:18:06.000000000 +0200
+++ apt-0.5.4/apt-pkg/tagfile.cc	2003-02-02 03:19:49.000000000 +0200
@@ -211,13 +211,13 @@
       if (Stop == 0)
 	 return false;
       
-      for (; Stop[1] == '\r' && Stop+1 < End; Stop++);
+      for (; Stop+1 < End && Stop[1] == '\r'; Stop++);
 
       // Double newline marks the end of the record
       if (Stop+1 < End && Stop[1] == '\n')
       {
 	 Indexes[TagCount] = Stop - Section;
-	 for (; (Stop[0] == '\n' || Stop[0] == '\r') && Stop < End; Stop++);
+	 for (; Stop < End && (Stop[0] == '\n' || Stop[0] == '\r'); Stop++);
 	 return true;
       }

Reply to:

Prev by Date: Re: build-dep fixes in cvs, please test
Next by Date: Bug#178736: apt: trailing blanks
Previous by thread: Re: Compiled src-debs and apt-get upgrade
Next by thread: Bug#115953: ~others have gotten out and so can you~ igprlabvvx
Index(es):
- Date
- Thread