OOB access in `findfunction`
Y-Less opened this issue · comments
Y-Less commented
for (i=0; list[i].name!=NULL && (i<number || number==-1); i++)
Checks list[i].name
before checking i < number
, which is OOB when using an exact count and no sentinel entry. See:
Edit: Not an overflow, since nothing is written, but still OOB.
Thiadmer Riemersma commented
I confirmed this to be a bug. It is now fixed.
Thanks.