[Beignet] [PATCH v2] GBE: Don't read past end of printf format string
Rebecca N. Palmer
rebecca_palmer at zoho.com
Mon Nov 2 14:56:38 PST 2015
When p==end (the null terminator byte), don't try to read p+1
(outside the string, so might be an invalid address or a '%' from
a different object).
Signed-off-by: Rebecca Palmer <rebecca_palmer at zoho.com>
diff --git a/backend/src/llvm/llvm_printf_parser.cpp b/backend/src/llvm/llvm_printf_parser.cpp
index bdaed8a..f427107 100644
--- a/backend/src/llvm/llvm_printf_parser.cpp
+++ b/backend/src/llvm/llvm_printf_parser.cpp
@@ -229,7 +229,7 @@ again:
printf("string end with %%\n");
goto error;
}
- if (*(p + 1) == '%') { // %%
+ if (p + 1 < end && *(p + 1) == '%') { // %%
p += 2;
goto again;
}
More information about the Beignet
mailing list