guijan
commented
1 year ago I haven't looked deeply into the code yet but a pointer to one past the end of an object isn't UB.
Closed N-R-K closed 1 year ago
guijan
commented
1 year ago I haven't looked deeply into the code yet but a pointer to one past the end of an object isn't UB.
N-R-K
commented
1 year ago I haven't looked deeply into the code yet but a pointer to one past the end of an object isn't UB.
I'm aware. It's not about the pointer itself. But because the pointer goes past the nul-byte, it will start reading uninitialized memory.
If the last character of a filename is
$or\then thecpointer can end up advancing past the end of the string.https://github.com/resurrecting-open-source-projects/scrot/blob/7932f280d798cdb1d29174963e17cd41f6ce6691/src/scrot.c#L670-L672
Assuming
$was the last character, this will push\0intoretand thencwill be incremented past the end of the string on the next loop iteration.