summaryrefslogtreecommitdiff
path: root/utils/nsurl.c
diff options
context:
space:
mode:
authorVincent Sanders <vince@kyllikki.org>2015-07-04 09:36:46 +0100
committerVincent Sanders <vince@kyllikki.org>2015-07-04 09:36:46 +0100
commitccac30117601f6773c65a07a9f34aab76dbe6fc0 (patch)
treec11d35581c87ea43be4717b024fca0386e36b21c /utils/nsurl.c
parent123c8bc8b3d621d0e259ae9ce99ebe753036ac0b (diff)
downloadnetsurf-ccac30117601f6773c65a07a9f34aab76dbe6fc0.tar.gz
netsurf-ccac30117601f6773c65a07a9f34aab76dbe6fc0.tar.bz2
Fix a signed comparison error in nsurl parsing.
In utils/nsurl.c the function nsurl__create_from_section() has a section dealing with non-redundant ports (starting line 973). lwc_intern_string() was being called with negative lengths and as it takes a size_t (unsigned) so is getting passed a very large length which causes a segfault. this is supposed to be protected by the flag setting on line 969 however the arithmetic is all *unsigned* so the condition never matches (gdb) p length - (colon - pegs->at + skip) $9 = 18446744073709551608 changing the check arithmetic to be a simple comparison against length prevents this issue and reduces the amount of computation required.
Diffstat (limited to 'utils/nsurl.c')
-rw-r--r--utils/nsurl.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/utils/nsurl.c b/utils/nsurl.c
index e0e147229..4454ba8a1 100644
--- a/utils/nsurl.c
+++ b/utils/nsurl.c
@@ -963,7 +963,7 @@ static nserror nsurl__create_from_section(const char * const url_s,
flags |= NSURL_F_NO_PORT;
}
- if (length - (colon - pegs->at + skip) <= 0) {
+ if (length <= (colon - pegs->at + skip)) {
/* No space for a port after the colon
*/
flags |= NSURL_F_NO_PORT;