diff options
| author | Sergey Bugaev <bugaevc@gmail.com> | 2019-06-13 16:27:29 +0300 |
|---|---|---|
| committer | Andreas Kling <awesomekling@gmail.com> | 2019-06-14 06:24:02 +0200 |
| commit | e585ed48b0b3e89a8bb4a805b568b7627c42c72b (patch) | |
| tree | abebcfd19282d4933c0ebe95f1478dddad86bc8c /AK | |
| parent | c1bbd40b9e7fa2fbb5051993e729054cb54548ab (diff) | |
| download | serenity-e585ed48b0b3e89a8bb4a805b568b7627c42c72b.zip | |
AK: Fix String::matches() with non-null-terminated StringViews.
StringView character buffer is not guaranteed to be null-terminated;
in particular it will not be null-terminated when making a substring.
This means it is not correct to check whether we've reached the end
of a StringView by comparing the next character to null; instead, we
need to do an explicit length (or pointer) comparison.
Diffstat (limited to 'AK')
| -rw-r--r-- | AK/String.cpp | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/AK/String.cpp b/AK/String.cpp index 974f2dba1b..e2d5f3d2c4 100644 --- a/AK/String.cpp +++ b/AK/String.cpp @@ -230,9 +230,10 @@ bool String::match_helper(const StringView& mask) const const char* string_ptr = characters(); const char* mask_ptr = mask.characters(); + const char* mask_end = mask_ptr + mask.length(); // Match string against mask directly unless we hit a * - while ((*string_ptr) && (*mask_ptr != '*')) { + while ((*string_ptr) && (mask_ptr < mask_end) && (*mask_ptr != '*')) { if ((*mask_ptr != *string_ptr) && (*mask_ptr != '?')) return false; mask_ptr++; @@ -243,13 +244,13 @@ bool String::match_helper(const StringView& mask) const const char* mp = nullptr; while (*string_ptr) { - if (*mask_ptr == '*') { + if ((mask_ptr < mask_end) && (*mask_ptr == '*')) { // If we have only a * left, there is no way to not match. - if (!*++mask_ptr) + if (++mask_ptr == mask_end) return true; mp = mask_ptr; cp = string_ptr + 1; - } else if ((*mask_ptr == *string_ptr) || (*mask_ptr == '?')) { + } else if ((mask_ptr < mask_end) && ((*mask_ptr == *string_ptr) || (*mask_ptr == '?'))) { mask_ptr++; string_ptr++; } else { @@ -259,11 +260,11 @@ bool String::match_helper(const StringView& mask) const } // Handle any trailing mask - while (*mask_ptr == '*') + while ((mask_ptr < mask_end) && (*mask_ptr == '*')) mask_ptr++; // If we 'ate' all of the mask then we match. - return !*mask_ptr; + return mask_ptr == mask_end; } } |