This patch improves the argument checking in sd_substring().
2025-05-09 Bruno Haible <br...@clisp.org>
string-desc: Detect invalid arguments to sd_substring.
* lib/string-desc.c (sd_substring): Verify that the substring does not
extend beyond the given string.
diff --git a/lib/string-desc.c b/lib/string-desc.c
index d99eca80e3..dc13f2f150 100644
--- a/lib/string-desc.c
+++ b/lib/string-desc.c
@@ -173,7 +173,7 @@ sd_substring (string_desc_t s, idx_t start, idx_t end)
{
string_desc_t result;
- if (!(start >= 0 && start <= end))
+ if (!(start >= 0 && start <= end && end <= s._nbytes))
/* Invalid arguments. */
abort ();
