1. 21 Feb, 2019 1 commit
    • apply: prevent OOB read when parsing source buffer · 014d4955
      When parsing the patch image from a string, we split the string
      by newlines to get a line-based view of it. To split, we use
      `memchr` on the buffer and limit the buffer length by the
      original length provided by the caller. This works just fine for
      the first line, but for every subsequent line we need to actually
      subtract the amount of bytes that we have already read.
      
      The above issue can be easily triggered by having a source buffer
      with at least two lines, where the second line does _not_ end in
      a newline. Given a string "foo\nb", we have an original length of
      five bytes. After having extracted the first line, we will point
      to 'b' and again try to `memchr(p, '\n', 5)`, resulting in an
      out-of-bounds read of four bytes.
      
      Fix the issue by correctly subtracting the amount of bytes
      already read.
      Erik Aigner committed
  2. 02 Feb, 2019 1 commit
  3. 31 Jan, 2019 10 commits
  4. 30 Jan, 2019 2 commits
  5. 28 Jan, 2019 7 commits
  6. 27 Jan, 2019 3 commits
  7. 26 Jan, 2019 4 commits
  8. 25 Jan, 2019 12 commits