LGTM, Thanks for your help! -----Original Message----- From: Beignet [mailto:[email protected]] On Behalf Of Rebecca N. Palmer Sent: Wednesday, November 4, 2015 6:19 AM To: [email protected] Subject: Re: [Beignet] [PATCH v3] GBE: Don't read past end of printf format string
When p == end (the null terminator byte), don't try to read p + 1: as this is outside the string, it might be a '%' from a different object (causing __parse_printf_state(end + 2, end, ...) to be called, which will fail), or an invalid address. Signed-off-by: Rebecca Palmer <[email protected]> --- backend/src/llvm/llvm_printf_parser.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/llvm/llvm_printf_parser.cpp b/backend/src/llvm/llvm_printf_parser.cpp index bdaed8a..f427107 100644 --- a/backend/src/llvm/llvm_printf_parser.cpp +++ b/backend/src/llvm/llvm_printf_parser.cpp @@ -229,7 +229,7 @@ again: printf("string end with %%\n"); goto error; } - if (*(p + 1) == '%') { // %% + if (p + 1 < end && *(p + 1) == '%') { // %% p += 2; goto again; } _______________________________________________ Beignet mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/beignet _______________________________________________ Beignet mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/beignet
