eliminate_sequences function causes crash on short strings
Brought to you by: a4lg, jessekornblum
The function fuzzy.c:eliminate_sequences can cause a crash if the string passed into it is less than three characters long. Here's the relevant code:
  len = strlen(str);
  for (i=j=3 ; i<len ; i++) {
    if (str[i] != str[i-1] || str[i] != str[i-2] || str[i] != str[i-3]) {
      ret[j++] = str[i];
    }
  }
  ret[j] = 0;
Note that if the string is shorter than three characters, the loop body never runs and the code then writes to ret[j] with j still equal to 3, which lies beyond the end of the buffer allocated for such a short string. This can cause heap corruption and thus a crash. We can fix this by returning immediately after the strlen() if the string length is less than 3.
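The guarded form of the function, as an added example rather than ssdeep's own fuzzy.c source: it assumes, as the index arithmetic in the snippet implies, that ret is a strdup() copy of str (so it holds exactly strlen(str)+1 bytes and already contains the first three characters). The early return for strings shorter than three characters is the fix described above; the names eliminate_sequences_fixed and reduces_to are chosen for this example.

```c
#define _POSIX_C_SOURCE 200809L /* for strdup() under strict C modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hardened eliminate_sequences (example code, not the project's source).
 * Collapses any run of four or more identical characters down to three.
 * Assumption: ret is a strdup() copy of str, so it holds len + 1 bytes and
 * the first three characters are already in place when the loop starts. */
static char *eliminate_sequences_fixed(const char *str)
{
    size_t i, j, len;
    char *ret = strdup(str);
    if (ret == NULL)
        return NULL;

    len = strlen(str);

    /* The fix: with fewer than three characters the loop below never runs,
     * and ret[3] would be written past the end of a buffer that is at most
     * 3 bytes long. The copy is already the correct result, so return it. */
    if (len < 3)
        return ret;

    for (i = j = 3; i < len; i++) {
        if (str[i] != str[i - 1] || str[i] != str[i - 2] || str[i] != str[i - 3])
            ret[j++] = str[i];
    }
    /* Here j <= i <= len, so ret[j] is inside the len + 1 bytes allocated. */
    ret[j] = 0;
    return ret;
}

/* Check helper: 1 when the reduced form of `in` equals `expected`,
 * 0 otherwise (including when allocation fails). Frees the result. */
static int reduces_to(const char *in, const char *expected)
{
    char *out = eliminate_sequences_fixed(in);
    int ok;
    if (out == NULL)
        return 0;
    ok = strcmp(out, expected) == 0;
    free(out);
    return ok;
}

int main(void)
{
    /* Constructed inputs: the short strings that crashed the original code,
     * plus two inputs containing a run that actually gets collapsed. */
    const char *inputs[] = { "", "a", "ab", "abc", "aaaaab", "xaaaay" };
    size_t n = sizeof inputs / sizeof inputs[0];
    for (size_t k = 0; k < n; k++) {
        char *out = eliminate_sequences_fixed(inputs[k]);
        printf("\"%s\" -> \"%s\"\n", inputs[k], out ? out : "(alloc failed)");
        free(out);
    }
    return 0;
}
```

Compiled with -fsanitize=address, the same inputs fed to the unguarded loop report a heap-buffer-overflow on the ret[j] store for "", "a" and "ab", which is the quickest way to confirm the guard is in place in a given build.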
A fix for this bug has been checked into SVN.