Pushed as obvious. Return early from path_escape when '\0' is seen in order to prevent an out-of-bounds write to the dest buffer.
Signed-off-by: Aaron Merey <ame...@redhat.com> --- debuginfod/debuginfod-client.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index d097ca49..0c4a00cf 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -595,8 +595,7 @@ path_escape (const char *src, char *dest) { case '\0': dest[q] = '\0'; - q = PATH_MAX-1; /* escape for loop too */ - break; + return; case '/': /* escape / to prevent dir escape */ dest[q++]='#'; dest[q++]='#'; -- 2.37.3
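Review bot: In the `case '/'` context directly below the changed lines, `dest[q++]='#'; dest[q++]='#';` writes two bytes for one source byte, and nothing visible in this hunk checks `q` against the end of `dest` before the second write. Since this fix is about an out-of-bounds write to the same buffer, please confirm that the loop bound leaves room for the two-byte expansion. `path_escape` receives `dest` without a size, so every caller has to supply a buffer of at least PATH_MAX bytes. Taking the size as a parameter, or documenting that requirement above the function, would make it checkable. For the `'\0'` case the `return` is clearer than forcing `q = PATH_MAX-1` to end the loop. The commit message could also name the statement that performed the out-of-bounds write, because it is not among the lines shown here.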