gfileutils: Correct operator precedence to avoid undefined pointer maths

`base` can be `-1` in some situations, which would lead to pointing
outside an allocation area if the sums were evaluated as `(file_name +
base) + 1` rather than `file_name + (base + 1)`.

I don’t see how this can practically cause an issue, as the arithmetic
is all finished before anything’s dereferenced, but let’s keep to the
letter of the C standard to avoid this coming up in code audits in
future.

Fix suggested by fablhx.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #2077
This commit is contained in:
Philip Withnall 2020-06-10 13:26:14 +01:00
parent 98b89b739a
commit e86dd77655

View File

@ -2397,7 +2397,7 @@ g_path_get_basename (const gchar *file_name)
len = last_nonslash - base; len = last_nonslash - base;
retval = g_malloc (len + 1); retval = g_malloc (len + 1);
memcpy (retval, file_name + base + 1, len); memcpy (retval, file_name + (base + 1), len);
retval [len] = '\0'; retval [len] = '\0';
return retval; return retval;