aboutsummaryrefslogtreecommitdiff
path: root/docs/draft-coar-cgi-v11-03-clean.html
diff options
context:
space:
mode:
authorQuentin Rameau <quinq@fifth.space>2018-04-01 19:49:58 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2018-04-01 19:51:14 +0200
commite2afae6303e871a31a061d03359cfcd5dd86c088 (patch)
tree40482184a4ff53ea4fd3439f96e0e7e967a075cc /docs/draft-coar-cgi-v11-03-clean.html
parent2da9724b56169f00bd7fb6b9a11c9409a7620981 (diff)
downloadbusybox-e2afae6303e871a31a061d03359cfcd5dd86c088.tar.gz
sed: prevent overflow of length from bb_get_chunk_from_file
This fragment did not work right: temp = bb_get_chunk_from_file(fp, &len); if (temp) { /* len > 0 here, it's ok to do temp[len-1] */ char c = temp[len-1]; With "int len" _sign-extending_, temp[len-1] can refer to a wrong location if len > 0x7fffffff. Signed-off-by: Quentin Rameau <quinq@fifth.space> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'docs/draft-coar-cgi-v11-03-clean.html')
0 files changed, 0 insertions, 0 deletions