[Beignet] [PATCH v3] GBE: Don't read past end of printf format string
Rebecca N. Palmer
rebecca_palmer at zoho.com
Tue Nov 3 14:18:58 PST 2015
When p == end (the null terminator byte), don't try to read p + 1:
as this is outside the string, it might be a '%' from a different
object (causing __parse_printf_state(end + 2, end, ...) to be called,
which will fail), or an invalid address.
Signed-off-by: Rebecca Palmer <rebecca_palmer at zoho.com>
---
backend/src/llvm/llvm_printf_parser.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/llvm/llvm_printf_parser.cpp b/backend/src/llvm/llvm_printf_parser.cpp
index bdaed8a..f427107 100644
--- a/backend/src/llvm/llvm_printf_parser.cpp
+++ b/backend/src/llvm/llvm_printf_parser.cpp
@@ -229,7 +229,7 @@ again:
printf("string end with %%\n");
goto error;
}
- if (*(p + 1) == '%') { // %%
+ if (p + 1 < end && *(p + 1) == '%') { // %%
p += 2;
goto again;
}
More information about the Beignet
mailing list