Fix buffer overrun in link normalisation #446

Merged (2 commits) on Jan 17, 2025

ThisIsFineTM (Contributor) commented Jan 13, 2025

This fixes the buffer overrun issue. I changed the raw char* to an iterator and put in a couple of bounds checks. First commit updates the normalize_link test which demonstrates the issue with EXPECT. Second commit applies the fix and changes the added tests to be ASSERT.

Closes #439
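
An added illustration of the bug class described above, not code from this pull request or from the openzim project: it assumes the normaliser decodes `%XX` escapes, and `hex_value`, `decode_unchecked` and `decode_checked` are hypothetical names. Keeping a truncated or invalid escape as literal text is also an assumption about the desired behaviour.

```cpp
#include <string>

// Hypothetical helper: value of one hex digit, or -1 if not a hex digit.
static int hex_value(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Unchecked raw-pointer pattern, shown for contrast. For input ending in
// "%" or "%4", p[2] and/or `p += 3` land beyond the terminating NUL, so the
// loop condition `*p` is evaluated on memory outside the string.
std::string decode_unchecked(const std::string& in) {
    std::string out;
    const char* p = in.c_str();
    while (*p) {
        if (*p == '%') {
            out += static_cast<char>(hex_value(p[1]) * 16 + hex_value(p[2]));
            p += 3;  // no check that three bytes remain
            continue;
        }
        out += *p++;
    }
    return out;
}

// Iterator version with bounds checks: an escape is consumed only when
// three bytes remain and both digits are valid hex.
std::string decode_checked(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    auto it = in.cbegin();
    const auto end = in.cend();
    while (it != end) {
        if (*it == '%' && end - it >= 3) {
            const int hi = hex_value(it[1]);
            const int lo = hex_value(it[2]);
            if (hi >= 0 && lo >= 0) {
                out += static_cast<char>(hi * 16 + lo);
                it += 3;  // stays within [begin, end] because of the check above
                continue;
            }
        }
        out += *it++;  // ordinary byte, or a truncated/invalid escape kept literally
    }
    return out;
}
```

Building a test that calls `decode_unchecked` on a string ending in `%` with AddressSanitizer enabled is one way to make the out-of-bounds read visible.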

veloman-yunkan (Collaborator) left a comment

LGTM, but please squash the last two commits into the initial two so that the code change history is cleaner.

ThisIsFineTM force-pushed the 439-fix-normalize_link branch from af0904c to 491caf4 on January 17, 2025 00:09

ThisIsFineTM (Contributor, Author) commented

@veloman-yunkan squash pushed 👍

kelson42 changed the title from "439 fix normalize link" to "Fix buffer overrun in link normalisation" on Jan 17, 2025

codecov bot commented Jan 17, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 27.70%. Comparing base (768cbe5) to head (491caf4).
Report is 3 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #446      +/-   ##
==========================================
+ Coverage   27.54%   27.70%   +0.15%     
==========================================
  Files          26       26              
  Lines        2530     2534       +4     
  Branches     1362     1363       +1     
==========================================
+ Hits          697      702       +5     
  Misses       1325     1325              
+ Partials      508      507       -1     


kelson42 merged commit b4a1fa0 into openzim:main on Jan 17, 2025
10 checks passed
Linked issue: tools.cpp::normalize_link can read off the end of the buffer