Commit dc04193c482c32c3c8d650a17a3f750ee9e25097

Tobias Stoeckmann 2020-05-29T19:35:42

libpkgconf: fragment: fix out of boundary read

Parsing a fragment which consists only of a single dash leads to
an out of boundary read. It duplicates the following entry which
is not expected behaviour if another fragment follows.

Proof of concept:

$ cat > poc.pc << "EOF"
Name: poc
Description: poc
Version: 1
Cflags: - -I/somewhere
EOF
$ PKG_CONFIG_PATH=. pkgconf --cflags poc
-I/somewhere -I/somewhere

If - is the last entry, it leads to an out of boundary read, which
is easy to see if pkgconf is compiled with address sanitizer.
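
A simplified model of the bug class this commit message describes, added here as an illustration and not taken from pkgconf's source. The in-place tokenised buffer, `struct fragment`, and both function names are assumptions, and the checked form is one possible guard, not necessarily the change this commit makes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the Cflags value "- -I/somewhere" after being split
 * in place, so each token is NUL-terminated inside one buffer. */
static const char sample_buf[] = "-\0-I/somewhere";

struct fragment {
    char type;          /* flag letter, 0 for an untyped fragment */
    const char *data;   /* flag argument, or the whole token if untyped */
};

/* Unchecked form: assumes every token starting with '-' has a flag letter. */
static struct fragment parse_unchecked(const char *tok)
{
    struct fragment f = { 0, tok };
    if (tok[0] == '-') {
        f.type = tok[1];   /* for "-" this is the token's terminator */
        f.data = tok + 2;  /* for "-" this is the start of the NEXT token; if
                              "-" is the last token, reading it is out of bounds */
    }
    return f;
}

/* Checked form: a lone "-" has no flag letter, so keep it untyped. */
static struct fragment parse_checked(const char *tok)
{
    struct fragment f = { 0, tok };
    if (tok[0] == '-' && tok[1] != '\0') {
        f.type = tok[1];
        f.data = tok + 2;
    }
    return f;
}

int main(void)
{
    struct fragment bad = parse_unchecked(sample_buf);
    struct fragment ok = parse_checked(sample_buf);
    printf("unchecked: type=%d data=\"%s\"\n", bad.type, bad.data);
    printf("checked:   type=%d data=\"%s\"\n", ok.type, ok.data);
    return 0;
}
```

In this model the unchecked parser returns the following token as the data of the lone dash, which matches the duplicated `-I/somewhere` in the proof of concept output.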