diff options
| author | Tim Duesterhus <tim@bastelstu.be> | 2021-08-29 00:58:22 +0200 |
|---|---|---|
| committer | Willy Tarreau <w@1wt.eu> | 2021-08-30 06:14:50 +0200 |
| commit | 18795d48a9bb09aedc57e547029828a56322e49d (patch) | |
| tree | d336a1751528bc2bed5b8fce8ca40af2278d8cbf | |
| parent | 1f269c12dc31bb63db31559cb44c187ab91abb64 (diff) | |
| download | haproxy-18795d48a9bb09aedc57e547029828a56322e49d.tar.gz | |
BUG/MINOR: tools: Fix loop condition in dump_text()
The condition should first check whether `bsize` is reached, before
dereferencing the offset. Even if this always works fine, due to the
string being null-terminated, this certainly looks odd.
Found using GitHub's CodeQL scan.
This bug traces back to at least 97c2ae13bc0d7961a348102d6719fbcaf34d46d5
(1.7.0+) and this patch should be backported accordingly.
| -rw-r--r-- | src/tools.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/tools.c b/src/tools.c index 4f536efc3..cc71d4535 100644 --- a/src/tools.c +++ b/src/tools.c @@ -4522,9 +4522,9 @@ int may_access(const void *ptr) int dump_text(struct buffer *out, const char *buf, int bsize) { unsigned char c; - int ptr = 0; + size_t ptr = 0; - while (buf[ptr] && ptr < bsize) { + while (ptr < bsize && buf[ptr]) { c = buf[ptr]; if (isprint((unsigned char)c) && isascii((unsigned char)c) && c != '\\' && c != ' ' && c != '=') { if (out->data > out->size - 1) |