Skip to content

Commit dfa0db2

Browse files
jhijhi
committed
Check for max length before derefing by length.
Coverity CID 135025 (#1 of 1): Out-of-bounds read (OVERRUN) 29. overrun-local: Overrunning array addr.sun_path of 108 bytes at byte offset 108 using index addr_len (which evaluates to 108). 864 for (addr_len = 0; addr.sun_path[addr_len] 28. incr: Incrementing addr_len. The value of addr_len may now be up to 108. 865 && addr_len < maxlen; addr_len++); Reported upstream as https://rt.cpan.org/Ticket/Display.html?id=111707
1 parent a746ef5 commit dfa0db2

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

cpan/Socket/Socket.xs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -861,8 +861,8 @@ unpack_sockaddr_un(sun_sv)
861861
# else
862862
const int maxlen = (int)sizeof(addr.sun_path);
863863
# endif
864-
for (addr_len = 0; addr.sun_path[addr_len]
865-
&& addr_len < maxlen; addr_len++);
864+
for (addr_len = 0; addr_len < maxlen
865+
&& addr.sun_path[addr_len]; addr_len++);
866866
}
867867

868868
ST(0) = sv_2mortal(newSVpvn(addr.sun_path, addr_len));

0 commit comments

Comments
 (0)