From ef1138c1b6036061df1c82970db9991713bed987 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20B=C3=BCnzli?=
Date: Fri, 18 Jul 2014 15:09:00 +0200
Subject: prevent buffer overflow in cbz_strnatcmp
If the two arguments to cbz_strnatcmp are equal (except for leading zeros), cbz_strnatcmp reads beyond the buffer until it finds differing bytes or enters a non-readable memory page.
TODO: Should sorting "test01" and "test1" lead to a stable sort order?
---
source/cbz/mucbz.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source/cbz/mucbz.c')
diff --git a/source/cbz/mucbz.c b/source/cbz/mucbz.c
index c20f42c8..06b1080e 100644
--- a/source/cbz/mucbz.c
+++ b/source/cbz/mucbz.c
@@ -182,7 +182,7 @@ cbz_strnatcmp(const char *a, const char *b)
 {
 int x, y;
- for (;;)
+ while (*a || *b)
 {
 if (cbz_isdigit(*a) && cbz_isdigit(*b))
 {
-- 
cgit v1.2.3
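Review bot: With `while (*a || *b)` the loop can now fall through, which `for (;;)` never did, so the function needs a defined result on that path; the hunk ends inside the loop body and the rest of cbz_strnatcmp is not visible here. Since only this one line changed, any statement after the loop was previously unreachable, so please confirm an explicit `return 0;` follows the closing brace. If it does not, control reaches the end of a value-returning comparator and the caller's use of the result is undefined behaviour. The new condition is also the only thing keeping the reads inside both buffers, so it deserves a comment such as `/* stop once both strings are exhausted: inputs that compare equal must not be read past their NUL */`. A regression test that compares a name with itself would pin the fix.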