Overview

File fix-upstream-CVE-2022-31212.patch of Package dbus-broker

Index: dbus-broker-28/subprojects/c-shquote/src/c-shquote.c
===================================================================
--- dbus-broker-28.orig/subprojects/c-shquote/src/c-shquote.c
+++ dbus-broker-28/subprojects/c-shquote/src/c-shquote.c
@@ -85,7 +85,7 @@ int c_shquote_consume_char(char **outp,
 size_t c_shquote_strnspn(const char *string,
                         size_t n_string,
                         const char *accept) {
-        bool buffer[UCHAR_MAX] = {};
+        bool buffer[UCHAR_MAX + 1] = {};
 
         for ( ; *accept; ++accept)
                 buffer[(unsigned char)*accept] = true;
@@ -100,7 +100,7 @@ size_t c_shquote_strnspn(const char *str
 size_t c_shquote_strncspn(const char *string,
                           size_t n_string,
                           const char *reject) {
-        bool buffer[UCHAR_MAX] = {};
+        bool buffer[UCHAR_MAX + 1] = {};
 
         if (strlen(reject) == 1) {
                 const char *p;
Index: dbus-broker-28/subprojects/c-shquote/src/test-private.c
===================================================================
--- dbus-broker-28.orig/subprojects/c-shquote/src/test-private.c
+++ dbus-broker-28/subprojects/c-shquote/src/test-private.c
@@ -148,6 +148,9 @@ static void test_strnspn(void) {
 
         len = c_shquote_strnspn("ab", 2, "bc");
         c_assert(len == 0);
+
+        len = c_shquote_strnspn("ab", 2, "\xff");
+        c_assert(len == 0);
 }
 
 static void test_strncspn(void) {
@@ -167,6 +170,9 @@ static void test_strncspn(void) {
 
         len = c_shquote_strncspn("ab", 2, "cd");
         c_assert(len == 2);
+
+        len = c_shquote_strncspn("ab", 2, "\xff");
+        c_assert(len == 2);
 }
 
 static void test_discard_comment(void) {
openSUSE Build Service is sponsored by
Places