Avoid incrementing a pointer past the end

The ‘end’ parameter to ‘strtaglen’ might point past the end of an allocation. Therefore, if ‘start’ becomes equal to ‘end’, exit the loop without calling ‘memchr’ on it.
pmatilai · Feb 18, 2021 · 165330b · 165330b
1 parent 210198b
commit 165330b
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/lib/header.c b/lib/header.c
@@ -412,10 +412,8 @@ static inline int strtaglen(const char *str, rpm_count_t c, const char *end)
     const char *s;
 
     if (end) {
-	if (str >= end)
-	    return -1;
-	while ((s = memchr(start, '\0', end-start))) {
-	    if (--c == 0 || s > end)
+	while (end > start && (s = memchr(start, '\0', end-start))) {
+	    if (--c == 0)
 		break;
 	    start = s + 1;
 	}