author | Olly Betts <olly@survex.com> | 2020-09-04 10:44:49 +1200 |
---|---|---|
committer | Olly Betts <olly@survex.com> | 2020-09-04 10:44:49 +1200 |
commit | 975f8fcfdba56294bb190d745cdd449a52e633f4 (patch) | |
tree | 891b443eda9ead7c831efa48757b8b896454e216 | |
parent | b018c32f9d0ba963560fa08da84802c23c41d89d (diff) | |
download | swig-975f8fcfdba56294bb190d745cdd449a52e633f4.tar.gz |
Avoid undefined behaviour in DOH Replace() function
If the source and replacement strings were the same length, the code
was performing undefined pointer arithmetic involving a NULL pointer.
I'm not aware of any observable effects of this in practice, but it's
potentially problematic. It's detected by ubsan, for example when
running `make check-python-test-suite`:
DOH/string.c:839:4: runtime error: applying non-zero offset to non-null pointer 0x602000001558 produced null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior DOH/string.c:839:4 in
-rw-r--r-- | Source/DOH/string.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Source/DOH/string.c b/Source/DOH/string.c index 3689f4ffe..093330b89 100644 --- a/Source/DOH/string.c +++ b/Source/DOH/string.c @@ -836,7 +836,9 @@ static int replace_simple(String *str, char *token, char *rep, int flags, int co memmove(t, s, (str->str + str->len) - s + 1); } } else { - t += (c - s); + if (c) { + t += (c - s); + } } s = c; ic--; |
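Review bot: the new `if (c)` guard in the else branch of replace_simple() has no comment saying why `c` may be NULL at this point, so a later cleanup could remove it as redundant. A short comment above the guard would help, noting that `c` can be NULL here and that `t += (c - s)` is then undefined pointer arithmetic, which is what ubsan flagged at DOH/string.c:839. When `c` is NULL, `t` now keeps its previous value while `s = c` still runs on the next line, so it is also worth confirming that nothing later reads `t` expecting it to have been advanced.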