diff options
author | Allen Winter <allen.winter@kdab.com> | 2022-09-29 11:06:17 -0400 |
---|---|---|
committer | Allen Winter <allen.winter@kdab.com> | 2022-09-29 11:06:17 -0400 |
commit | 2ca167a6077fc1464b1dd3dde93b68c50dc0f720 (patch) | |
tree | 90a58bf2e8f2cc95c7a38d992c820f93f6f06a12 | |
parent | 6e4dab56cf1383b4d2650be019199eedf4f22755 (diff) | |
download | libical-git-2ca167a6077fc1464b1dd3dde93b68c50dc0f720.tar.gz |
icalparser.c - add protection against fuzz
-rw-r--r-- | src/libical/icalparser.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c index ff1220b3..ebb10970 100644 --- a/src/libical/icalparser.c +++ b/src/libical/icalparser.c @@ -149,8 +149,10 @@ static char *parser_get_next_char(char c, char *str, int qm) char *p = str; char next_char = *p; char prev_char = 0; + unsigned int cnt = 0; - while (next_char != '\0') { + while ((cnt < TMP_BUF_SIZE) && (next_char != '\0')) { + cnt++; if ((prev_char != '\0') && (prev_char != '\\')) { if (qm == 1 && next_char == '"') { /* Encountered a quote, toggle quote mode */ @@ -174,13 +176,15 @@ static char *make_segment(char *start, char *end) { char *buf, *tmp; ptrdiff_t size = (ptrdiff_t)(end - start); + ptrdiff_t cnt = 0; buf = icalmemory_new_buffer((size_t)(size + 1)); strncpy(buf, start, size); *(buf + size) = 0; tmp = (buf + size); - while ((tmp >= buf) && ((*tmp == '\0') || iswspace((wint_t)*tmp))) { + while ((cnt < size) && (tmp >= buf) && ((*tmp == '\0') || iswspace((wint_t)*tmp))) { + cnt++; *tmp = 0; tmp--; } |