Hi, this is broken in such a strange way that I am not really sure whether I hit the semantics expected by the callers - I hope you will be able to figure it out? Untested, of course. Florian
diff --git a/libudev/libudev-util.c b/libudev/libudev-util.c
index b07eabb..9a141db 100644
--- a/libudev/libudev-util.c
+++ b/libudev/libudev-util.c
@@ -448,28 +448,29 @@ int udev_util_encode_string(const char *str, char *str_enc, size_t len)
 {
 size_t i, j;
- if (str == NULL || str_enc == NULL || len == 0)
+ if (str == NULL || str_enc == NULL)
 return -1;
- str_enc[0] = '\0';
 for (i = 0, j = 0; str[i] != '\0'; i++) {
 int seqlen;
 seqlen = utf8_encoded_valid_unichar(&str[i]);
 if (seqlen > 1) {
+ if(len-j<seqlen)goto err;
 memcpy(&str_enc[j], &str[i], seqlen);
 j += seqlen;
 i += (seqlen-1);
 } else if (str[i] == '\\' || !is_whitelisted(str[i], NULL)) {
+ if(len-j<4)goto err;
 sprintf(&str_enc[j], "\\x%02x", (unsigned char) str[i]);
 j += 4;
 } else {
+ if(len-j<1)goto err;
 str_enc[j] = str[i];
 j++;
 }
- if (j+3 >= len)
- goto err;
 }
+ if(len-j<1)goto err;
 str_enc[j] = '\0';
 return 0;
 err:
-- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
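Review bot: The new guard in the escape branch, `if(len-j<4)goto err;`, is one byte short, because `sprintf` writes the four characters of `\xNN` and then a terminating NUL. With `len-j == 4` that NUL lands at `str_enc[len]`, one past the buffer, before the final `len-j<1` check can reject the input. Requiring room for the terminator, `if (len - j < 5) goto err;`, closes this without refusing any input that could have succeeded, since the closing `str_enc[j] = '\0';` needs that byte anyway. In the multi-byte branch `len-j<seqlen` compares a `size_t` with an `int`; it is safe there only because `seqlen > 1`, so a cast such as `(size_t)seqlen` would make that explicit. The body of `err:` lies outside the hunk, so whether `str_enc` is left terminated on failure cannot be judged from here; a comment on the function stating what the buffer holds when -1 is returned would help callers.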