diff options
| author | Kevin McCarthy <kevin@8t8.us> | 2022-04-09 13:32:33 -0700 |
|---|---|---|
| committer | Kevin McCarthy <kevin@8t8.us> | 2022-04-12 11:07:34 -0700 |
| commit | f82641352c6c0f1912c518875133a9b73a0e1f34 (patch) | |
| tree | 9261b92befb8c51cb8be4665fe14293baa0ab457 /charset.c | |
| parent | 195bcad02535738e03788e34cdc3f1f0c842b6e1 (diff) | |
Fix strlen() assigns to be of type size_t where obvious.
Ticket 405 had an almost-exploit enabled by sloppy assignment of
strlen(). There were more details involved, of course, but this
served as encouragement to clean up obvious "strlen assignment to int"
in the rest of the code.
Note this is not *all* cases, only those that were simple and obvious.
In some cases, the code assigns strlen() to an int but also uses that
variable to hold negative values for another reason. In other cases,
an API is involved (e.g. SASL) that make changing potentially
dangerous. And lastly, some functions were just a bit too complicated
to risk introducing a bug.
Diffstat (limited to 'charset.c')
| -rw-r--r-- | charset.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -295,7 +295,7 @@ out: int mutt_chscmp (const char *s, const char *chs) { char buffer[STRING]; - int a, b; + size_t a, b; if (!s) return 0; @@ -451,7 +451,7 @@ size_t mutt_iconv (iconv_t cd, ICONV_CONST char **inbuf, size_t *inbytesleft, iconv (cd, 0, 0, &ob, &obl); if (obl) { - int n = strlen (outrepl); + size_t n = strlen (outrepl); if (n > obl) { outrepl = "?"; |