Fix a signed comparison error in nsurl parsing.

In utils/nsurl.c the function nsurl__create_from_section() has a
section dealing with non-redundant ports (starting line 973).

lwc_intern_string() was being called with negative lengths and, as it
takes a size_t (unsigned), it is getting passed a very large length,
which causes a segfault.

This is supposed to be protected by the flag setting on line 969;
however, the arithmetic is all *unsigned* so the condition never
matches.

(gdb) p length - (colon - pegs->at + skip)
$9 = 18446744073709551608

Changing the check arithmetic to be a simple comparison against length
prevents this issue and reduces the amount of computation required.
Vincent Sanders 2015-07-04 09:36:46 +01:00
parent 123c8bc8b3
commit ccac301176
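
The unsigned wrap described in the commit message, as an added example that is not code from the commit or the project. The function names and the `port_off` parameter (standing in for `colon - pegs->at + skip`) are hypothetical, and the sample inputs are constructed; on a platform with a 64-bit size_t the last case prints the same value as the gdb output above.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins: `length` is the section length and `port_off`
 * the offset just past the colon, both unsigned (size_t). */

/* Subtraction form: the difference wraps instead of going negative, so
 * "<= 0" can only be true when the difference is exactly 0. */
static int no_port_old(size_t length, size_t port_off)
{
    return (length - port_off <= 0);
}

/* Comparison form: no subtraction, so nothing can wrap. */
static int no_port_new(size_t length, size_t port_off)
{
    return (length <= port_off);
}

/* The length a size_t-taking interning call receives when the guard
 * above does not set the no-port flag. */
static size_t port_len(size_t length, size_t port_off)
{
    return length - port_off;
}

int main(void)
{
    /* Constructed cases: {length, port_off} */
    const size_t cases[][2] = { {12, 9}, {9, 9}, {8, 16} };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t len = cases[i][0], off = cases[i][1];

        printf("length=%zu off=%zu old_guard=%d new_guard=%d",
               len, off, no_port_old(len, off), no_port_new(len, off));
        if (!no_port_old(len, off))
            printf(" len_if_old_guard_trusted=%zu", port_len(len, off));
        printf("\n");
    }
    return 0;
}
```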

@ -963,7 +963,7 @@ static nserror nsurl__create_from_section(const char * const url_s,
flags |= NSURL_F_NO_PORT;
}
if (length - (colon - pegs->at + skip) <= 0) {
if (length <= (colon - pegs->at + skip)) {
/* No space for a port after the colon
*/
flags |= NSURL_F_NO_PORT;
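
Review bot: the offset expression `colon - pegs->at + skip` in the corrected `if (length <= (colon - pegs->at + skip))` is, per the commit message, also subtracted from `length` further down when the port is passed to lwc_intern_string(), so the guard and the subtraction it protects are still two separately written copies of the same arithmetic. Consider computing the offset once into a local and using it for both the comparison and the later length, so the two cannot drift apart. The comment "No space for a port after the colon" would also benefit from a line saying the operands are unsigned and the difference must not be formed before this check, since nothing in the visible code explains why the subtraction form was wrong.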