[BlueZ 7/9] obexd: Fix buffer overrun

Don't access path at byte 2 when it might only contain a single byte.

Error: OVERRUN (CWE-119): [#def27] [important]
bluez-5.76/obexd/client/session.c:1135:2: alias: Assigning: "first" = """". "first" now points to byte 0 of """" (which consists of 1 bytes).
bluez-5.76/obexd/client/session.c:1142:2: overrun-buffer-val: Overrunning buffer pointed to by "first" of 1 bytes by passing it to a function which accesses it at byte offset 2.
1140|		req->index++;
1141|
1142|->		p->req_id = g_obex_setpath(p->session->obex, first, setpath_cb, p, err);
1143|		if (*err != NULL)
1144|			return (*err)->code;
---
 gobex/gobex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gobex/gobex.c b/gobex/gobex.c
index fdeb11c65130..40d6b8129b00 100644
--- a/gobex/gobex.c
+++ b/gobex/gobex.c
@@ -1611,7 +1611,7 @@ guint g_obex_setpath(GObex *obex, const char *path, GObexResponseFunc func,
 
 	memset(&data, 0, sizeof(data));
 
-	if (path != NULL && strncmp("..", path, 2) == 0) {
+	if (path != NULL && strlen(path) >= 2 && strncmp("..", path, 2) == 0) {
 		data.flags = 0x03;
 		folder = (path[2] == '/') ? &path[3] : NULL;
 	} else {
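Review bot: the added strlen(path) >= 2 test in the g_obex_setpath() condition looks redundant, because strncmp("..", path, 2) stops at the first differing byte or NUL and only returns 0 when path[0] and path[1] are both '.'. On that branch path[2] is at worst the terminating NUL, so the read in (path[2] == '/') was already in bounds, and for the "" case from the Coverity report the comparison fails at byte 0. If the goal is to quiet the analyzer, the commit message should say this is a false positive rather than a buffer overrun fix, and a check such as path[0] == '.' && path[1] == '.' would express the same thing without walking the whole string. Separately, the subject prefix says obexd: but the only file touched is gobex/gobex.c, so gobex: would match the change better.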
-- 
2.45.1




