safety-screen/Nominatim
1
0
Fork 0
forked from hans/Nominatim
Code Pull Requests Activity

Avoid reading outside buffer

Browse Source 
Current str_replace code will read outside buffer if `isspace` and `from` occurs at the start of `buffer`
This commit is contained in:
Neil Rickards
2018-02-15 18:02:59 +00:00
committed by GitHub
parent c3483747eb
commit 8ee36fb78c
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
module/nominatim.c
View File

@@ -157,17 +157,18 @@ transliteration( PG_FUNCTION_ARGS )
PG_RETURN_TEXT_P(result);
}
// Set isspace=1 if the replacement _only_ adds a space before the search string. I.e. to == " " + from
void str_replace(char* buffer, int* len, int* changes, char* from, int fromlen, char* to, int tolen, int isspace)
{
char *p;
// Search string is too long to be pressent
// Search string is too long to be present
if (fromlen > *len) return;
p = strstr(buffer, from);
while(p)
{
if (!isspace || *(p-1) != ' ')
if (!isspace || p == buffer || *(p-1) != ' ')
{
(*changes)++;
if (tolen != fromlen) memmove(p+tolen, p+fromlen, *len-(p-buffer)+1);
@@ -230,7 +231,7 @@ gettokenstring( PG_FUNCTION_ARGS )
sourcedata = (unsigned char *)VARDATA(source);
sourcedatalength = VARSIZE(source) - VARHDRSZ;
// Buffer for doing the replace in - string could get slightly longer (double is mastive overkill)
// Buffer for doing the replace in - string could get slightly longer (double is massive overkill)
buffer = (char *)palloc((sourcedatalength*2)*sizeof(char));
memcpy(buffer+1, sourcedata, sourcedatalength);
buffer[0] = 32;