Merge pull request #8 from zeux/fix-overflow

Fix buffer overflow in string_equal
2025-04-05 05:25:03 +00:00 · 2019-07-27 08:43:33 +01:00 · 2019-07-27 08:43:33 +01:00 · a92b6f4ad1
commit a92b6f4ad1
parent 38b9f04613 4053ffa30f
1 changed files with 3 additions and 3 deletions
--- a/fast_obj.h
+++ b/fast_obj.h
@ -349,10 +349,10 @@ char* string_concat(const char* a, const char* s, const char* e)
 static
 int string_equal(const char* a, const char* s, const char* e)
 {
-    while (*a++ == *s++ && s != e)
-        ;
+    size_t an = strlen(a);
+    size_t sn = (size_t)(e - s);

-    return (*a == '\0' && s == e);
+    return an == sn && memcmp(a, s, an) == 0;
 }