authorDerrick Pallas <derrick@pallas.us>2019-02-02 18:18:18 -0800
committerNicolas Williams <nico@cryptonector.com>2019-02-04 14:12:03 -0600
commit21be3857b5317d03601487408b4b7eeec69f5bfc (patch)
treebe8b3263f2e9d425f3d1d2b11a3ec77e4d3514e7
parentd29bf5b4fc0ada552a95f592401bf37dd442aa3e (diff)
builtin/f_match: prevent overruns of input_string
If these values do not match exactly, it is because the UTF-8 is invalid anyway and we counted codepoints differently than oniguruma did. Perhaps it would be better to error out here, but at least one similar loop already uses < vs != and since we're off the rails anyway this might be OK. It is certainly better than overrunning the buffer. Resolves https://github.com/stedolan/jq/issues/1804
-rw-r--r--src/builtin.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/builtin.c b/src/builtin.c
index c56dca9e..95c2f4f2 100644
--- a/src/builtin.c
+++ b/src/builtin.c
@@ -865,7 +865,7 @@ static jv f_match(jq_state *jq, jv input, jv regex, jv modifiers, jv testmode) {
if (region->end[0] == region->beg[0]) {
unsigned long idx;
const char *fr = (const char*)input_string;
- for (idx = 0; fr != input_string+region->beg[0]; idx++) {
+ for (idx = 0; fr < input_string+region->beg[0]; idx++) {
fr += jvp_utf8_decode_length(*fr);
}
jv match = jv_object_set(jv_object(), jv_string("offset"), jv_number(idx));
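Review bot: The reason for `<` instead of `!=` in this loop condition is recorded only in the commit message, so the loop should carry a short comment such as `/* '<' not '!=': on invalid UTF-8 fr can step past the match start; stop rather than read beyond input_string */`. The same loop shape is repeated in the hunks at -902 and -914, so the comment applies there as well. A small static helper that counts codepoints up to a byte offset would keep the bound in one place instead of three. The body of f_match begins and ends outside this hunk.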
@@ -902,7 +902,7 @@ static jv f_match(jq_state *jq, jv input, jv regex, jv modifiers, jv testmode) {
cap = jv_object_set(cap, jv_string("string"), jv_null());
} else {
fr = input_string;
- for (idx = 0; fr != input_string+region->beg[i]; idx++) {
+ for (idx = 0; fr < input_string+region->beg[i]; idx++) {
fr += jvp_utf8_decode_length(*fr);
}
cap = jv_object_set(jv_object(), jv_string("offset"), jv_number(idx));
@@ -914,7 +914,7 @@ static jv f_match(jq_state *jq, jv input, jv regex, jv modifiers, jv testmode) {
continue;
}
fr = input_string;
- for (idx = len = 0; fr != input_string+region->end[i]; len++) {
+ for (idx = len = 0; fr < input_string+region->end[i]; len++) {
if (fr == input_string+region->beg[i]) idx = len, len=0;
fr += jvp_utf8_decode_length(*fr);
}
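Review bot: The inner test `if (fr == input_string+region->beg[i])` still uses exact equality, so on the invalid UTF-8 this commit guards against, fr can step over the capture start without ever matching it. In that case idx stays 0 and len counts codepoints from the start of the input rather than from the capture start; the loop no longer overruns, but these values appear to feed the capture's offset and length after the hunk and would be silently wrong. Consider latching the first time fr reaches or passes the start, with `int seen = 0;` before the loop and `if (!seen && fr >= input_string+region->beg[i]) { seen = 1; idx = len; len = 0; }` inside it. The body of f_match continues outside this hunk.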