[master] 3b12edaf9 vcc: Avoid suspicious truncation with pdiff()
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Wed Nov 25 16:37:07 UTC 2020
commit 3b12edaf95c1de1477c2cee329301b590d247af0
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Wed Nov 25 17:25:21 2020 +0100
vcc: Avoid suspicious truncation with pdiff()
Flexelint complains that this truncation is suspicious, which is fair.
The pdiff() function allows for a more expressive, and hopefully less
suspicious alternative with a bit of hardening in the process.
diff --git a/lib/libvcc/vcc_token.c b/lib/libvcc/vcc_token.c
index 34ee49ad4..167b6ed28 100644
--- a/lib/libvcc/vcc_token.c
+++ b/lib/libvcc/vcc_token.c
@@ -351,7 +351,7 @@ vcc_decstr(struct vcc *tl, unsigned sep)
unsigned int l;
assert(tl->t->tok == CSTR);
- l = (tl->t->e - tl->t->b) - (sep * 2);
+ l = pdiff(tl->t->b + sep, tl->t->e - sep);
tl->t->dec = TlAlloc(tl, l + 1);
AN(tl->t->dec);
q = tl->t->dec;
More information about the varnish-commit
mailing list