diff options
| author | Simon Bünzli <zeniko@gmail.com> | 2014-07-18 15:09:00 +0200 |
|---|---|---|
| committer | Simon Bünzli <zeniko@gmail.com> | 2014-07-18 15:09:00 +0200 |
| commit | ef1138c1b6036061df1c82970db9991713bed987 (patch) | |
| tree | c698aa3b132ee34a3c7b6d85cb13a9a1b08cb504 /source/cbz/mucbz.c | |
| parent | 126d1639c94fe97e2fc3f849279640ad78bc379d (diff) | |
| download | mupdf-ef1138c1b6036061df1c82970db9991713bed987.tar.xz | |
prevent buffer overflow in cbz_strnatcmp
If the two arguments to cbz_strnatcmp are equal (except for leading
zeros), cbz_strnatcmp reads beyond the buffer until it finds differing
bytes or enters a non-readable memory page.
TODO: Should sorting "test01" and "test1" lead to a stable sort order?
Diffstat (limited to 'source/cbz/mucbz.c')
| -rw-r--r-- | source/cbz/mucbz.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source/cbz/mucbz.c b/source/cbz/mucbz.c index c20f42c8..06b1080e 100644 --- a/source/cbz/mucbz.c +++ b/source/cbz/mucbz.c @@ -182,7 +182,7 @@ cbz_strnatcmp(const char *a, const char *b) { int x, y; - for (;;) + while (*a || *b) { if (cbz_isdigit(*a) && cbz_isdigit(*b)) { |