Bug#192225: string::string(const char *) called with non-null-terminated string
Hi,
I found some more use of uninitialized char buffers.
This patch is against 0.5.5
Peter
diff -ru apt-0.5.5.org/apt-inst/contrib/arfile.cc apt-0.5.5/apt-inst/contrib/arfile.cc
--- apt-0.5.5.org/apt-inst/contrib/arfile.cc 2003-02-10 00:36:12.000000000 +0000
+++ apt-0.5.5/apt-inst/contrib/arfile.cc 2003-05-07 08:13:41.000000000 +0000
@@ -115,7 +115,7 @@
{
unsigned int I = sizeof(Head.Name) - 1;
for (; Head.Name[I] == ' '; I--);
- Memb->Name = string(Head.Name,0,I+1);
+ Memb->Name = string(Head.Name,I+1);
}
// Account for the AR header alignment
diff -ru apt-0.5.5.org/apt-pkg/contrib/strutl.cc apt-0.5.5/apt-pkg/contrib/strutl.cc
--- apt-0.5.5.org/apt-pkg/contrib/strutl.cc 2003-02-02 22:20:27.000000000 +0000
+++ apt-0.5.5/apt-pkg/contrib/strutl.cc 2003-05-07 08:08:23.000000000 +0000
@@ -652,7 +652,7 @@
continue;
// Pull the message out
- string Message(Buffer,0,I-Buffer);
+ string Message(Buffer,I-Buffer);
// Fix up the buffer
for (; I < End && *I == '\n'; I++);
@@ -1045,7 +1045,7 @@
Path = "/";
// Now we attempt to locate a user:pass@host fragment
- if (FirstColon[1] == '/' && FirstColon[2] == '/')
+ if (FirstColon + 2 <= U.end() && FirstColon[1] == '/' && FirstColon[2] == '/')
FirstColon += 3;
else
FirstColon += 1;
Reply to: