kmx git

Commit	Date	Message
52d19e1b	2021-03-18T05:44:45	libpkgconf: fileio: pkgconf_fgetline(): handle quoted=true when a comment introduction is encountered Fixes #215.
bd4ed1ca	2020-05-24T20:51:48	libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'.
abe0f5c8	2017-09-23T00:19:16	libpkgconf: fileio: fix quoting logic for double backslash case (ref #140)
e9fd43ca	2017-09-17T23:38:25	libpkgconf: clean up header includes (closes #137)
b17f2640	2015-09-06T10:48:24	libpkgconf: move some utility funcs into pkgconf_ namespace
a706b3dc	2015-09-06T09:35:08	initial libtoolization for libpkgconf

52d19e1b

2021-03-18T05:44:45

libpkgconf: fileio: pkgconf_fgetline(): handle quoted=true when a comment introduction is encountered Fixes #215.

bd4ed1ca

2020-05-24T20:51:48

libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'.

abe0f5c8

2017-09-23T00:19:16

libpkgconf: fileio: fix quoting logic for double backslash case (ref #140)

e9fd43ca

2017-09-17T23:38:25

libpkgconf: clean up header includes (closes #137)

b17f2640

2015-09-06T10:48:24

libpkgconf: move some utility funcs into pkgconf_ namespace

a706b3dc

2015-09-06T09:35:08

initial libtoolization for libpkgconf

kc3-lang/pkgconf/libpkgconf/fileio.c

libpkgconf/fileio.c

Log