svn rev #22348: trunk/src/util/support/
tlyu@MIT.EDU
tlyu at MIT.EDU
Wed May 13 16:41:38 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22348
Commit By: tlyu
Log Message:
ticket: 6486
tags: pullup
target_version: 1.7
In util/support/utf8_conv.c, the SWAP16 macro is invoked with an
argument that has side effects. On platforms where SWAP16 can
evaluate its argument twice (including platforms where utf8_conv.c
creates a fallback definition for the SWAP16 macro), this can cause a
read overrun by a factor of two.
Rearrange the data flow to avoid calling SWAP16 with an argument that
has side effects.
Changed Files:
U trunk/src/util/support/utf8_conv.c
Modified: trunk/src/util/support/utf8_conv.c
===================================================================
--- trunk/src/util/support/utf8_conv.c 2009-05-12 23:15:32 UTC (rev 22347)
+++ trunk/src/util/support/utf8_conv.c 2009-05-13 20:41:37 UTC (rev 22348)
@@ -268,12 +268,11 @@
{
while (ucs2len == -1 ? *ucs2str : --ucs2len >= 0) {
/* Get UTF-8 size of next wide char */
+ ch = *ucs2str++;
#ifdef K5_BE
if (little_endian)
- ch = SWAP16(*ucs2str++);
- else
+ ch = SWAP16(ch);
#endif
- ch = *ucs2str++;
n = krb5int_ucs2_to_utf8(ch, NULL);
if (n < 1)
@@ -290,12 +289,11 @@
n = 1; /* In case of empty ucs2str */
while (ucs2len == -1 ? *ucs2str != 0 : --ucs2len >= 0) {
+ ch = *ucs2str++;
#ifdef K5_BE
if (little_endian)
- ch = SWAP16(*ucs2str++);
- else
+ ch = SWAP16(ch);
#endif
- ch = *ucs2str++;
n = krb5int_ucs2_to_utf8(ch, p);
More information about the cvs-krb5
mailing list