diff options
| author | Rebecca N. Palmer <rebecca_palmer@zoho.com> | 2015-11-03 22:18:58 +0000 |
|---|---|---|
| committer | Yang Rong <rong.r.yang@intel.com> | 2015-11-04 10:44:59 +0800 |
| commit | 7825653733459c1fcde7986d094c9e9218ee2c98 (patch) | |
| tree | 1f8fad515603255d076feb28a20ee1914a2c361b | |
| parent | 3c501328a0d58abfeef32da89063480b5ef8bf36 (diff) | |
GBE: Don't read past end of printf format string
When p == end (the null terminator byte), don't try to read p + 1:
as this is outside the string, it might be a '%' from a different
object (causing __parse_printf_state(end + 2, end, ...) to be called,
which will fail), or an invalid address.
Signed-off-by: Rebecca Palmer <rebecca_palmer@zoho.com>
Reviewed-by: Pan, Xiuli <xiuli.pan@intel.com>
| -rw-r--r-- | backend/src/llvm/llvm_printf_parser.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/backend/src/llvm/llvm_printf_parser.cpp b/backend/src/llvm/llvm_printf_parser.cpp index bdaed8ab..e2adcd87 100644 --- a/backend/src/llvm/llvm_printf_parser.cpp +++ b/backend/src/llvm/llvm_printf_parser.cpp @@ -229,7 +229,7 @@ again: printf("string end with %%\n"); goto error; } - if (*(p + 1) == '%') { // %% + if (p + 1 < end && *(p + 1) == '%') { // %% p += 2; goto again; } |