FbTk/StringUtil.cc: Fix out-of-range memory access. if pos is not npos, it will always be less than filename.size(). However, the access later is only safe if there is a character after pos, which would require pos + 1 to be less than filename.size.
Ryan Pavlik rpavlik@iastate.edu
1 files changed,
1 insertions(+),
1 deletions(-)
jump to
M
src/FbTk/StringUtil.cc
→
src/FbTk/StringUtil.cc
@@ -176,7 +176,7 @@ string retval;
size_t pos = filename.find_first_not_of(" \t"); if (pos != string::npos && filename[pos] == '~') { retval = getenv("HOME"); - if (pos != filename.size()) { + if (pos + 1 < filename.size()) { // copy from the character after '~' retval += static_cast<const char *>(filename.c_str() + pos + 1); }