Merge pull request #30 from zrax/find_scan_ub

Fix for find (and related operations) reading past the end of the string.
zrax · Aug 9, 2023 · 39cdcdc · 39cdcdc
2 parents 80a3741 + 9486573
commit 39cdcdc
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/include/st_string_priv.h b/include/st_string_priv.h
@@ -122,12 +122,11 @@ namespace _ST_PRIVATE
         const char *ep = haystack + size;
         for ( ;; ) {
             cp = find_cs(cp, ep - cp, needle[0]);
-            if (!cp)
+            if (!cp || cp + needle_size > ep)
                 return nullptr;
             if (compare_cs(cp, needle, needle_size) == 0)
                 return cp;
-            if (++cp + needle_size > ep)
-                return nullptr;
+            ++cp;
         }
     }
 
@@ -139,12 +138,11 @@ namespace _ST_PRIVATE
         const char *ep = haystack + size;
         for ( ;; ) {
             cp = find_ci(cp, ep - cp, needle[0]);
-            if (!cp)
+            if (!cp || cp + needle_size > ep)
                 return nullptr;
             if (compare_ci(cp, needle, needle_size) == 0)
                 return cp;
-            if (++cp + needle_size > ep)
-                return nullptr;
+            ++cp;
         }
     }
 

diff --git a/test/test_string.cpp b/test/test_string.cpp
@@ -1774,17 +1774,23 @@ TEST(string, find_last)
 
     // Starting position, case senstive
     EXPECT_EQ(-1, ST_LITERAL("abcdABCD").find_last(4, "ABCD", ST::case_sensitive));
-    EXPECT_EQ( 4, ST_LITERAL("abcdABCDABCDabcd").find_last(5, "ABCD", ST::case_sensitive));
+    EXPECT_EQ(-1, ST_LITERAL("abcdABCDABCDabcd").find_last(5, "ABCD", ST::case_sensitive));
     EXPECT_EQ( 4, ST_LITERAL("abcdABCDABCDabcd").find_last(8, "ABCD", ST::case_sensitive));
-    EXPECT_EQ( 8, ST_LITERAL("abcdABCDABCDabcd").find_last(9, "ABCD", ST::case_sensitive));
+    EXPECT_EQ( 4, ST_LITERAL("abcdABCDABCDabcd").find_last(9, "ABCD", ST::case_sensitive));
+    EXPECT_EQ( 4, ST_LITERAL("abcdABCDABCDabcd").find_last(11, "ABCD", ST::case_sensitive));
+    EXPECT_EQ( 8, ST_LITERAL("abcdABCDABCDabcd").find_last(12, "ABCD", ST::case_sensitive));
+    EXPECT_EQ( 8, ST_LITERAL("abcdABCDABCDabcd").find_last(100, "ABCD", ST::case_sensitive));
     EXPECT_EQ(-1, ST_LITERAL("abcdABCDabcd").find_last(4, "ABCD", ST::case_sensitive));
     EXPECT_EQ(-1, ST_LITERAL("ABCDabcd").find_last(0, "ABCD", ST::case_sensitive));
 
     // Starting position, case insenstive
     EXPECT_EQ(-1, ST_LITERAL("xxxxabcd").find_last(4, "ABCD", ST::case_insensitive));
-    EXPECT_EQ( 4, ST_LITERAL("xxxxabcdabcdxxxx").find_last(5, "ABCD", ST::case_insensitive));
+    EXPECT_EQ(-1, ST_LITERAL("xxxxabcdabcdxxxx").find_last(5, "ABCD", ST::case_insensitive));
     EXPECT_EQ( 4, ST_LITERAL("xxxxabcdabcdxxxx").find_last(8, "ABCD", ST::case_insensitive));
-    EXPECT_EQ( 8, ST_LITERAL("xxxxabcdabcdxxxx").find_last(9, "ABCD", ST::case_insensitive));
+    EXPECT_EQ( 4, ST_LITERAL("xxxxabcdabcdxxxx").find_last(9, "ABCD", ST::case_insensitive));
+    EXPECT_EQ( 4, ST_LITERAL("xxxxabcdabcdxxxx").find_last(11, "ABCD", ST::case_insensitive));
+    EXPECT_EQ( 8, ST_LITERAL("xxxxabcdabcdxxxx").find_last(12, "ABCD", ST::case_insensitive));
+    EXPECT_EQ( 8, ST_LITERAL("xxxxabcdabcdxxxx").find_last(100, "ABCD", ST::case_insensitive));
     EXPECT_EQ(-1, ST_LITERAL("xxxxabcdxxxx").find_last(4, "ABCD", ST::case_insensitive));
     EXPECT_EQ(-1, ST_LITERAL("abcdxxxx").find_last(0, "ABCD", ST::case_insensitive));