authorRyan Pavlik <rpavlik@iastate.edu>2011-10-28 21:21:00 (GMT)
committerRyan Pavlik <rpavlik@iastate.edu>2011-10-31 15:44:11 (GMT)
commit757f78035da77fb84ad4ab479506f494353029d1 (patch)
tree5609e73516d75ab4c9d1b47ac34fa72f453d7729
parent1ba4fbe8785a7acf3c4cab6de556929e8f5375b9 (diff)
FbTk/StringUtil.cc: Fix out-of-range memory access.
If pos is not npos, it will always be less than filename.size(). However, the later access is only safe if there is a character after pos, which requires pos + 1 to be less than filename.size().
-rw-r--r--src/FbTk/StringUtil.cc2
1 files changed, 1 insertions, 1 deletions
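diff --git a/src/FbTk/StringUtil.cc b/src/FbTk/StringUtil.cc
index 0a7ebd3..f76a1f9 100644
--- a/src/FbTk/StringUtil.cc
+++ b/src/FbTk/StringUtil.cc
@@ -176,7 +176,7 @@ string expandFilename(const string &filename) {
 size_t pos = filename.find_first_not_of(" \t");
 if (pos != string::npos && filename[pos] == '~') {
 retval = getenv("HOME");
-if (pos != filename.size()) {
+if (pos + 1 < filename.size()) {
 // copy from the character after '~'
 retval += static_cast<const char *>(filename.c_str() + pos + 1);
 }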
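Review bot: `getenv("HOME")` on line 178 returns a null pointer when HOME is unset, and assigning that to `retval` is undefined behaviour if `retval` is a `std::string` (its declaration is outside the hunk, so this is inferred from the `string` return type). The corrected bounds check on line 179 does not cover this case. A guard such as `const char *home = getenv("HOME"); if (home != 0) retval = home;` would avoid it, with a comment stating what a leading `~` expands to when no home directory is set. HOME is also caller-controlled, so any code that treats the expanded path as trusted should note that. `expandFilename` begins and ends outside this hunk.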