author | Azat Khuzhin <a3at.mail@gmail.com> | 2018-10-28 16:46:24 +0300 |
---|---|---|
committer | Azat Khuzhin <a3at.mail@gmail.com> | 2018-10-28 16:50:36 +0300 |
commit | 931ec2370228e40309af51b86e10fa364a37a20e (patch) | |
tree | a07ae64421664be4e01df9d348c0d8bbbf6679b7 /buffer.c | |
parent | f83ac92da9fff789135d1e5b9050653cf7fdb517 (diff) | |
Convert evbuffer_strspn() (internal helper) to use size_t

As pointed out by @yankeehacker in #590:

Signed to Unsigned Conversion Error - buffer.c:1623

Description: This assignment creates a type mismatch by populating an
unsigned variable with a signed value. The signed integer will be
implicitly cast to an unsigned integer, converting negative values into
positive ones. If an attacker can control the signed value, it may be
possible to trigger a buffer overflow if the value specifies the length
of a memory write.

Remediation: Do not rely on implicit casts between signed and unsigned
values because the result can take on an unexpected value and violate
weak assumptions made elsewhere in the program.

Fixes: #590
Diffstat (limited to 'buffer.c')
-rw-r--r-- | buffer.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1535,11 +1535,11 @@ evbuffer_find_eol_char(struct evbuffer_ptr *it) return (-1); } -static inline int +static inline size_t evbuffer_strspn( struct evbuffer_ptr *ptr, const char *chrset) { - int count = 0; + size_t count = 0; struct evbuffer_chain *chain = ptr->internal_.chain; size_t i = ptr->internal_.pos_in_chain; |
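Review bot: The return type of evbuffer_strspn() and its local `count` both become size_t here, but the diffstat lists only 2 insertions and 2 deletions in buffer.c, so the variable that receives the return value at the call site is not touched by this patch. The report quoted in the commit message points at buffer.c:1623, which lies outside this hunk; if the receiving variable there is still a signed type, the implicit conversion is reversed rather than removed. Please confirm that the caller stores the result in a size_t, or include that change in this commit. A short comment above the helper saying what the returned count represents would also record why size_t is the intended type.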