From 0babc209e9160d4c34916af2fc1f7ca09861df1b Mon Sep 17 00:00:00 2001
From: hiro <hiro@ee746299-78ed-0310-b773-934348b2243d>
Date: Thu, 8 Nov 2007 02:56:37 +0000
Subject: my_memmem(): fixed buffer overrun.

git-svn-id: svn://sylpheed.sraoss.jp/sylpheed/trunk@1922 ee746299-78ed-0310-b773-934348b2243d
---
 libsylph/utils.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'libsylph')

diff --git a/libsylph/utils.c b/libsylph/utils.c
index b4db125f..fddd0433 100644
--- a/libsylph/utils.c
+++ b/libsylph/utils.c
@@ -398,18 +398,21 @@ gpointer my_memmem(gconstpointer haystack, size_t haystacklen,
 	const gchar *haystack_ = (const gchar *)haystack;
 	const gchar *needle_ = (const gchar *)needle;
 	const gchar *haystack_cur = (const gchar *)haystack;
+	size_t haystack_left = haystacklen;
 
 	if (needlelen == 1)
 		return memchr(haystack_, *needle_, haystacklen);
 
-	while ((haystack_cur = memchr(haystack_cur, *needle_, haystacklen))
+	while ((haystack_cur = memchr(haystack_cur, *needle_, haystack_left))
 	       != NULL) {
 		if (haystacklen - (haystack_cur - haystack_) < needlelen)
 			break;
 		if (memcmp(haystack_cur + 1, needle_ + 1, needlelen - 1) == 0)
 			return (gpointer)haystack_cur;
-		else
+		else {
 			haystack_cur++;
+			haystack_left = haystacklen - (haystack_cur - haystack_);
+		}
 	}
 
 	return NULL;
-- 
cgit v1.2.3