From 2f07ea0895979a8db1cb73db194cd5e8d5ff3872 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela
Date: Fri, 8 Sep 2017 09:00:25 +0200
Subject: [PATCH] eit: pattern list - fix the posible memcpy overflow
---
 src/epggrab/module/eitpatternlist.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/epggrab/module/eitpatternlist.c b/src/epggrab/module/eitpatternlist.c
index 31c9249de..4ace40e36 100644
--- a/src/epggrab/module/eitpatternlist.c
+++ b/src/epggrab/module/eitpatternlist.c
@@ -49,14 +49,16 @@ void *eit_pattern_apply_list(char *buf, size_t size_buf, const char *text, eit_p
 {
 regmatch_t match[2];
 eit_pattern_t *p;
- int size;
+ ssize_t size;
 if (!l) return NULL;
 /* search and report the first match */
 TAILQ_FOREACH(p, l, p_links)
 if (!regexec(&p->compiled, text, 2, match, 0) && match[1].rm_so != -1) {
 size = MIN(match[1].rm_eo - match[1].rm_so, size_buf - 1);
- while (size > 0 && isspace(text[match[1].rm_so + size - 1]))
+ if (size <= 0)
+ continue;
+ while (isspace(text[match[1].rm_so + size - 1]))
 size--;
 memcpy(buf, text + match[1].rm_so, size);
 buf[size] = '\0';
--
2.47.3
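Review bot: The rewritten trim loop `while (isspace(text[match[1].rm_so + size - 1]))` no longer has the `size > 0` bound, so a capture that is all whitespace lets `size` reach zero and then go negative while the loop reads bytes before `match[1].rm_so`; the following `memcpy(buf, text + match[1].rm_so, size)` then converts that negative `ssize_t` to a very large `size_t`, which is the overflow this commit sets out to remove. Keep the early `continue` but restore the bound, and pass `isspace` an `unsigned char` since `text` is plain `char`: `while (size > 0 && isspace((unsigned char)text[match[1].rm_so + size - 1]))`. The `size <= 0` check also does not appear to cover `size_buf == 0`, where `size_buf - 1` wraps as a `size_t`; how `MIN` handles the mixed signed/unsigned operands is not visible here, so an explicit `if (size_buf == 0) return NULL;` before the loop is worth confirming against the callers. The function body continues past the end of this hunk.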