Check for max length before derefing by length.

Coverity CID 135025 (#1 of 1): Out-of-bounds read (OVERRUN) 29. overrun-local: Overrunning array addr.sun_path of 108 bytes at byte offset 108 using index addr_len (which evaluates to 108). 864 for (addr_len = 0; addr.sun_path[addr_len] 28. incr: Incrementing addr_len. The value of addr_len may now be up to 108. 865 && addr_len < maxlen; addr_len++); Reported upstream as https://rt.cpan.org/Ticket/Display.html?id=111707
author: Jarkko Hietaniemi <jhi@iki.fi> 2016-02-29 06:50:58 -0500
committer: Jarkko Hietaniemi <jhi@iki.fi> 2016-02-29 20:44:19 -0500
commit: 2d703bea55021a04c1b7a7b0abfe231ebd104d13 (patch)
tree: b5fa6dea035bc51c751047fe582b2b9b5029af2f /cpan/Socket
parent: 00d484c1d87e30631537859338714ac41ec2d216 (diff)
download: perl-2d703bea55021a04c1b7a7b0abfe231ebd104d13.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/cpan/Socket/Socket.xs b/cpan/Socket/Socket.xs
index 52df483972..3b1d70eaf4 100644
--- a/cpan/Socket/Socket.xs
+++ b/cpan/Socket/Socket.xs
@@ -861,8 +861,8 @@ unpack_sockaddr_un(sun_sv)
 #   else
 		const int maxlen = (int)sizeof(addr.sun_path);
 #   endif
-		for (addr_len = 0; addr.sun_path[addr_len]
-		     && addr_len < maxlen; addr_len++);
+		for (addr_len = 0; addr_len < maxlen
+		     && addr.sun_path[addr_len]; addr_len++);
 	}
 
 	ST(0) = sv_2mortal(newSVpvn(addr.sun_path, addr_len));
author	Jarkko Hietaniemi <jhi@iki.fi>	2016-02-29 06:50:58 -0500
committer	Jarkko Hietaniemi <jhi@iki.fi>	2016-02-29 20:44:19 -0500
commit	2d703bea55021a04c1b7a7b0abfe231ebd104d13 (patch)
tree	b5fa6dea035bc51c751047fe582b2b9b5029af2f /cpan/Socket
parent	00d484c1d87e30631537859338714ac41ec2d216 (diff)
download	perl-2d703bea55021a04c1b7a7b0abfe231ebd104d13.tar.gz