summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn-Mark Bell <jmb@netsurf-browser.org>2014-01-12 11:54:46 (GMT)
committer John-Mark Bell <jmb@netsurf-browser.org>2014-01-12 11:54:46 (GMT)
commitc17538277ea7136697b952e1be1ed5b58c2b5629 (patch)
tree5f1a915739dbf301e1da8a9f5ff69a5a6b134e57
parenta16bb86f102dcab0c24fc6ab904d48afd8d0d9fd (diff)
downloadlibparserutils-c17538277ea7136697b952e1be1ed5b58c2b5629.tar.gz
libparserutils-c17538277ea7136697b952e1be1ed5b58c2b5629.tar.bz2
Fix bounds checking. Fixes CID 1152178, 1152179.
-rw-r--r--src/charset/codecs/codec_utf16.c2
-rw-r--r--src/charset/codecs/codec_utf8.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/charset/codecs/codec_utf16.c b/src/charset/codecs/codec_utf16.c
index 19d8bbb..4a2d7ee 100644
--- a/src/charset/codecs/codec_utf16.c
+++ b/src/charset/codecs/codec_utf16.c
@@ -449,7 +449,7 @@ parserutils_error charset_utf16_codec_read_char(charset_utf16_codec *c,
return error;
} else if (error == PARSERUTILS_NEEDDATA) {
/* Incomplete input sequence */
- if (*sourcelen > INVAL_BUFSIZE)
+ if (*sourcelen >= INVAL_BUFSIZE)
abort();
memmove(c->inval_buf, *source, *sourcelen);
diff --git a/src/charset/codecs/codec_utf8.c b/src/charset/codecs/codec_utf8.c
index 4de7273..4016ebc 100644
--- a/src/charset/codecs/codec_utf8.c
+++ b/src/charset/codecs/codec_utf8.c
@@ -441,7 +441,7 @@ parserutils_error charset_utf8_codec_read_char(charset_utf8_codec *c,
return error;
} else if (error == PARSERUTILS_NEEDDATA) {
/* Incomplete input sequence */
- if (*sourcelen > INVAL_BUFSIZE)
+ if (*sourcelen >= INVAL_BUFSIZE)
abort();
memmove(c->inval_buf, *source, *sourcelen);