From 757f78035da77fb84ad4ab479506f494353029d1 Mon Sep 17 00:00:00 2001
From: Ryan Pavlik <rpavlik@iastate.edu>
Date: Fri, 28 Oct 2011 15:21:00 -0600
Subject: FbTk/StringUtil.cc: Fix out-of-range memory access.

if pos is not npos, it will always be less than filename.size().
However, the access later is only safe if there is a character
after pos, which would require pos + 1 to be less than filename.size.
---
 src/FbTk/StringUtil.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/FbTk/StringUtil.cc b/src/FbTk/StringUtil.cc
index 0a7ebd3..f76a1f9 100644
--- a/src/FbTk/StringUtil.cc
+++ b/src/FbTk/StringUtil.cc
@@ -176,7 +176,7 @@ string expandFilename(const string &filename) {
     size_t pos = filename.find_first_not_of(" \t");
     if (pos != string::npos && filename[pos] == '~') {
         retval = getenv("HOME");
-        if (pos != filename.size()) {
+        if (pos + 1 < filename.size()) {
             // copy from the character after '~'
             retval += static_cast<const char *>(filename.c_str() + pos + 1);
         }
-- 
cgit v0.11.2