openbox icon indicating copy to clipboard operation
openbox copied to clipboard

Published 20 hours ago verified publisher icon danakj

Fix out-of-bounds read

Open o9000 opened this issue 8 years ago • 2 comments
trafficstars

When the direction is right-to-left, i == -1 so memory is read one byte before the string before the pointer is checked against the bound.

o9000 avatar Apr 05 '17 10:04 o9000

You only changed the order of the && expression, this has no benefit at all except maybe for one boolean check.

joeftiger avatar Jan 13 '21 00:01 joeftiger

Yes it does. When i is -1, in the last step of the loop, lc is config_title_layout - 1, so *lc != '\0' may crash.

On Wed, Jan 13, 2021 at 1:07 AM joeftiger [email protected] wrote:

You only cha ged the order kf the && expression, this has no benefit at all except maybe for one boolean check.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/danakj/openbox/pull/26#issuecomment-759115672, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADCGYUMMZAY7SHKDUOY3SMTSZTP2PANCNFSM4DGQHYTQ .

o9000 avatar Jan 15 '21 00:01 o9000