diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2015-06-07 15:11:07 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2015-06-07 21:42:15 +0200 |
commit | e2b4500209821198413fb7fb6127060034b64c87 (patch) | |
tree | 6298563e8c25ac2174c224105bb9a0e900ef3431 | |
parent | b0a0cabbee704740169c9e493d61fcf786251601 (diff) |
Missing bounds checks in buffer.c
-rw-r--r-- | src/buffer.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/buffer.c b/src/buffer.c index bc2e38f..19ea677 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -259,7 +259,11 @@ int cmark_strbuf_cmp(const cmark_strbuf *a, const cmark_strbuf *b) bufsize_t cmark_strbuf_strchr(const cmark_strbuf *buf, int c, bufsize_t pos) { - // TODO: Bounds check. + if (pos >= buf->size) + return -1; + if (pos < 0) + pos = 0; + const unsigned char *p = (unsigned char *)memchr(buf->ptr + pos, c, buf->size - pos); if (!p) return -1; @@ -269,10 +273,12 @@ bufsize_t cmark_strbuf_strchr(const cmark_strbuf *buf, int c, bufsize_t pos) bufsize_t cmark_strbuf_strrchr(const cmark_strbuf *buf, int c, bufsize_t pos) { - bufsize_t i; + if (pos < 0 || buf->size == 0) + return -1; + if (pos >= buf->size) + pos = buf->size - 1; - // TODO: Bounds check. - for (i = pos; i >= 0; i--) { + for (bufsize_t i = pos; i >= 0; i--) { if (buf->ptr[i] == (unsigned char) c) return i; } @@ -294,7 +300,8 @@ void cmark_strbuf_truncate(cmark_strbuf *buf, bufsize_t len) void cmark_strbuf_drop(cmark_strbuf *buf, bufsize_t n) { if (n > 0) { - // TODO: Bounds check. + if (n > buf->size) + n = buf->size; buf->size = buf->size - n; if (buf->size) memmove(buf->ptr, buf->ptr + n, buf->size); |