From e86dd776552224dfc06818b45257066d4ed5bb25 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Wed, 10 Jun 2020 13:26:14 +0100 Subject: [PATCH] gfileutils: Correct operator precedence to avoid undefined pointer maths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `base` can be `-1` in some situations, which would lead to pointing outside an allocation area if the sums were evaluated as `(file_name + base) + 1` rather than `file_name + (base + 1)`. I don’t see how this can practically cause an issue, as the arithmetic is all finished before anything’s dereferenced, but let’s keep to the letter of the C standard to avoid this coming up in code audits in future. Fix suggested by fablhx. Signed-off-by: Philip Withnall Closes: #2077 --- glib/gfileutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glib/gfileutils.c b/glib/gfileutils.c index f0799e212..ede22b889 100644 --- a/glib/gfileutils.c +++ b/glib/gfileutils.c @@ -2397,7 +2397,7 @@ g_path_get_basename (const gchar *file_name) len = last_nonslash - base; retval = g_malloc (len + 1); - memcpy (retval, file_name + base + 1, len); + memcpy (retval, file_name + (base + 1), len); retval [len] = '\0'; return retval;
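Review bot: The parentheses in the `memcpy` source argument, `file_name + (base + 1)`, are now load-bearing, but nothing in the code says so, and a later tidy-up could drop them as redundant and bring back the `(file_name + base) + 1` evaluation for the case where `base` is `-1`. Consider a one-line comment above the `memcpy` stating that `base` may be `-1` and that the integer sum must be formed before the pointer addition. Alternatively, compute the offset in a named local first (a hypothetical `start = base + 1;`) and pass `file_name + start`, which makes the ordering explicit without relying on grouping. The context line `len = last_nonslash - base;` uses the same `base` value, so a comment placed just above it would document the `-1` case for both statements.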