LibCore: Avoid logical OOB read in AllocatingMemoryStream::offset_of()

The previous impl was trimming the last chunk to the free space instead of the used space, which yielded an OOB read if the needle wasn't found.
author: Ali Mohammad Pur <ali.mpfard@gmail.com> 2023-01-20 21:00:40 +0330
committer: Linus Groh <mail@linusgroh.de> 2023-01-20 20:34:31 +0000
commit: 7d4a30af56a7376f1c0cf55673abd5776e21f8a1 (patch)
tree: 0b3f5c61cc0ee06b2426378839ba2f901b60d04f /Userland/Libraries
parent: c8e25a71e0397fa28734511fc9d53434f1c6c3e2 (diff)
download: serenity-7d4a30af56a7376f1c0cf55673abd5776e21f8a1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Userland/Libraries/LibCore/MemoryStream.cpp b/Userland/Libraries/LibCore/MemoryStream.cpp
index 625a1edcb9..1d4d036186 100644
--- a/Userland/Libraries/LibCore/MemoryStream.cpp
+++ b/Userland/Libraries/LibCore/MemoryStream.cpp
@@ -219,7 +219,7 @@ ErrorOr<Optional<size_t>> AllocatingMemoryStream::offset_of(ReadonlyBytes needle
     }
 
     // Trimming is done first to ensure that we don't unintentionally shift around if the first and last chunks are the same.
-    search_spans[chunk_count - 1] = search_spans[chunk_count - 1].trim(chunk_count * chunk_size - m_write_offset);
+    search_spans[chunk_count - 1] = search_spans[chunk_count - 1].trim(m_write_offset % chunk_size);
     search_spans[0] = search_spans[0].slice(m_read_offset);
 
     return AK::memmem(search_spans.begin(), search_spans.end(), needle);
author	Ali Mohammad Pur <ali.mpfard@gmail.com>	2023-01-20 21:00:40 +0330
committer	Linus Groh <mail@linusgroh.de>	2023-01-20 20:34:31 +0000
commit	7d4a30af56a7376f1c0cf55673abd5776e21f8a1 (patch)
tree	0b3f5c61cc0ee06b2426378839ba2f901b60d04f /Userland/Libraries
parent	c8e25a71e0397fa28734511fc9d53434f1c6c3e2 (diff)
download	serenity-7d4a30af56a7376f1c0cf55673abd5776e21f8a1.zip