diff options
| author | Ryan Pavlik <rpavlik@iastate.edu> | 2011-10-28 21:21:00 (GMT) |
|---|---|---|
| committer | Ryan Pavlik <rpavlik@iastate.edu> | 2011-10-31 15:44:11 (GMT) |
| commit | 757f78035da77fb84ad4ab479506f494353029d1 (patch) | |
| tree | 5609e73516d75ab4c9d1b47ac34fa72f453d7729 | |
| parent | 1ba4fbe8785a7acf3c4cab6de556929e8f5375b9 (diff) | |
| download | fluxbox_paul-757f78035da77fb84ad4ab479506f494353029d1.zip fluxbox_paul-757f78035da77fb84ad4ab479506f494353029d1.tar.bz2 | |
FbTk/StringUtil.cc: Fix out-of-range memory access.
if pos is not npos, it will always be less than filename.size().
However, the access later is only safe if there is a character
after pos, which would require pos + 1 to be less than filename.size.
| -rw-r--r-- | src/FbTk/StringUtil.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/FbTk/StringUtil.cc b/src/FbTk/StringUtil.cc index 0a7ebd3..f76a1f9 100644 --- a/src/FbTk/StringUtil.cc +++ b/src/FbTk/StringUtil.cc | |||
| @@ -176,7 +176,7 @@ string expandFilename(const string &filename) { | |||
| 176 | size_t pos = filename.find_first_not_of(" \t"); | 176 | size_t pos = filename.find_first_not_of(" \t"); |
| 177 | if (pos != string::npos && filename[pos] == '~') { | 177 | if (pos != string::npos && filename[pos] == '~') { |
| 178 | retval = getenv("HOME"); | 178 | retval = getenv("HOME"); |
| 179 | if (pos != filename.size()) { | 179 | if (pos + 1 < filename.size()) { |
| 180 | // copy from the character after '~' | 180 | // copy from the character after '~' |
| 181 | retval += static_cast<const char *>(filename.c_str() + pos + 1); | 181 | retval += static_cast<const char *>(filename.c_str() + pos + 1); |
| 182 | } | 182 | } |