Fix potential buffer underflow and inefficient copy using fnmatch.

If length was zero we could check the -1 index. A nul was always added because we only used the length of the string, not the buffer (i.e. off by one). Also remove a check for a negative number from an unsigned number.
hughsie · Aug 29, 2018 · 3925137 · 3925137
1 parent 0f2d0d1
commit 3925137
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/libappstream-glib/as-app.c b/libappstream-glib/as-app.c
@@ -6208,7 +6208,7 @@ as_app_parse_appdata_guess_project_group (AsApp *app)
 static int
 as_utils_fnmatch (const gchar *pattern, const gchar *text, gsize text_sz, gint flags)
 {
-	if (text_sz != -1 && text[text_sz-1] != '\0') {
+	if (text_sz > 0 && text[text_sz-1] != '\0') {
 		g_autofree gchar *text_with_nul = g_strndup (text, text_sz);
 		return fnmatch (pattern, text_with_nul, flags);
 	}
@@ -6323,7 +6323,7 @@ as_app_parse_appdata_file (AsApp *app,
 			     filename, error_local->message);
 		return FALSE;
 	}
-	data = g_bytes_new_take (g_steal_pointer (&data_raw), len);
+	data = g_bytes_new_take (g_steal_pointer (&data_raw), len + 1);
 	if (!as_app_parse_data (app, data, flags, &error_local)) {
 		g_set_error (error,
 			     AS_APP_ERROR,