From 757f78035da77fb84ad4ab479506f494353029d1 Mon Sep 17 00:00:00 2001
From: Ryan Pavlik
Date: Fri, 28 Oct 2011 15:21:00 -0600
Subject: FbTk/StringUtil.cc: Fix out-of-range memory access.

if pos is not npos, it will always be less than filename.size(). However, the access later is only safe if there is a character after pos, which would require pos + 1 to be less than filename.size.
---
 src/FbTk/StringUtil.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/FbTk/StringUtil.cc b/src/FbTk/StringUtil.cc
index 0a7ebd3..f76a1f9 100644
--- a/src/FbTk/StringUtil.cc
+++ b/src/FbTk/StringUtil.cc
@@ -176,7 +176,7 @@ string expandFilename(const string &filename) {
 size_t pos = filename.find_first_not_of(" \t");
 if (pos != string::npos && filename[pos] == '~') {
 retval = getenv("HOME");
- if (pos != filename.size()) {
+ if (pos + 1 < filename.size()) {
 // copy from the character after '~'
 retval += static_cast(filename.c_str() + pos + 1);
 }
--
cgit v0.11.2
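Review bot: `retval = getenv("HOME");` in the context line just above the changed condition assigns the getenv() result directly to a std::string, and getenv() returns a null pointer when HOME is unset, which makes that assignment undefined behaviour (in practice usually a crash). The new `pos + 1 < filename.size()` bound does not touch this path. A guard before the assignment would cover it, e.g. `const char *home = getenv("HOME");` followed by `if (home != NULL) retval = home;`, or returning the unexpanded name when HOME is missing. expandFilename's body starts and ends outside this hunk, so a guard elsewhere in the function cannot be ruled out from here.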