Closed Bug 188976 Opened 22 years ago Closed 22 years ago

PL_strrstr calculates the difference of two unsigned integers and the difference may be negative.

Categories

(NSPR :: NSPR, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(1 file)

In the file nsprpub/lib/libc/src/strstr.c, function PL_strrstr,
we calculate the difference of two PRUint32's:

    ll = PL_strlen(little);
    p = &big[ PL_strlen(big) - ll ];
    if( p < big ) return (char *)0;

If the string 'little' is longer than the string 'big', the
difference PL_strlen(big) - ll is really a negative number but
becomes a huge positive number because the difference of two
unsigned integers is unsigned.
This bug probably can only be reproduced on a 64-bit platform.
Attached patch: Proposed patch
Fix checked into the tip and NSPRPUB_PRE_4_2_CLIENT_BRANCH
of NSPR.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.3
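
An added example (not NSPR's code and not the attached patch) that reproduces the wraparound described in the report and shows one way to guard a reverse search by comparing lengths before subtracting. The function names, the use of `uint32_t` as a stand-in for `PRUint32`, and the empty-string handling are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The subtraction from the report, done in 32-bit unsigned arithmetic.
   Returns the index that would be used to form p = &big[index].
   Nothing is dereferenced here; only the arithmetic is shown. */
static uint32_t start_index_unchecked(const char *big, const char *little)
{
    uint32_t bl = (uint32_t)strlen(big);
    uint32_t ll = (uint32_t)strlen(little);
    return bl - ll;            /* wraps modulo 2^32 when ll > bl */
}

/* Hypothetical hardened reverse search: lengths are compared before the
   subtraction, so the start offset can never wrap. */
static const char *rstr_checked(const char *big, const char *little)
{
    size_t bl, ll;
    const char *p;

    if (big == NULL || little == NULL) return NULL;
    if (*big == '\0' || *little == '\0') return NULL;  /* assumption */

    bl = strlen(big);
    ll = strlen(little);
    if (ll > bl) return NULL;  /* needle longer than haystack: no match */

    for (p = big + (bl - ll); ; p--) {
        if (memcmp(p, little, ll) == 0) return p;
        if (p == big) break;   /* stop before stepping below the buffer */
    }
    return NULL;
}

int main(void)
{
    const char *s = "abcabc";  /* constructed sample input */

    /* Constructed case from the report: 'little' is longer than 'big'. */
    printf("unchecked index: %u\n",
           (unsigned)start_index_unchecked("ab", "abcdef"));
    printf("checked result:  %s\n",
           rstr_checked("ab", "abcdef") ? "match" : "NULL");
    printf("last match offset: %ld\n", (long)(rstr_checked(s, "abc") - s));
    return 0;
}
```

With a 64-bit pointer, adding the wrapped 32-bit index lands far above `big` rather than below it, so a `p < big` test does not catch the case.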