From 97eaf2b5e5c826b9abe59896a363853bef55c5d9 Mon Sep 17 00:00:00 2001 From: wmeehan Date: Thu, 27 Aug 2020 01:45:25 -0400 Subject: bpo-41524: fix pointer bug in PyOS_mystr{n}icmp (GH-21845) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * bpo-41524: fix pointer bug in PyOS_mystr{n}icmp The existing implementations of PyOS_mystrnicmp and PyOS_mystricmp can increment pointers beyond the end of a string. This commit fixes those cases by moving the mutation out of the condition. * 📜🤖 Added by blurb_it. * Address comments Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> --- Python/pystrcmp.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'Python/pystrcmp.c') diff --git a/Python/pystrcmp.c b/Python/pystrcmp.c index f9c2277cb56..9224ce4c706 100644 --- a/Python/pystrcmp.c +++ b/Python/pystrcmp.c @@ -6,21 +6,25 @@ int PyOS_mystrnicmp(const char *s1, const char *s2, Py_ssize_t size) { + const unsigned char *p1, *p2; if (size == 0) return 0; - while ((--size > 0) && - (tolower((unsigned)*s1) == tolower((unsigned)*s2))) { - if (!*s1++ || !*s2++) - break; + p1 = (const unsigned char *)s1; + p2 = (const unsigned char *)s2; + for (; (--size > 0) && *p1 && *p2 && (tolower(*p1) == tolower(*p2)); + p1++, p2++) { + ; } - return tolower((unsigned)*s1) - tolower((unsigned)*s2); + return tolower(*p1) - tolower(*p2); } int PyOS_mystricmp(const char *s1, const char *s2) { - while (*s1 && (tolower((unsigned)*s1++) == tolower((unsigned)*s2++))) { + const unsigned char *p1 = (const unsigned char *)s1; + const unsigned char *p2 = (const unsigned char *)s2; + for (; *p1 && *p2 && (tolower(*p1) == tolower(*p2)); p1++, p2++) { ; } - return (tolower((unsigned)*s1) - tolower((unsigned)*s2)); + return (tolower(*p1) - tolower(*p2)); } -- cgit v1.2.3