https://bugs.openldap.org/show_bug.cgi?id=9741
Issue ID: 9741
Summary: Meaningless out-of-bound read in ldif-filter.c
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: matthias.st.pierre@ncp-e.com
Target Milestone: ---

I just stumbled over the following compiler warning in ldif-filter.c (see [1]):

14:10:41 ldif-filter.c:209:16: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int]
14:10:41 sep = "\r\n" + 2 - line_len; /* sep = copy(line) */
14:10:41 ~~~~~~~^~~
14:10:41 ldif-filter.c:209:16: note: use array indexing to silence this warning
14:10:41 sep = "\r\n" + 2 - line_len; /* sep = copy(line) */
14:10:41 ^
14:10:41 & [ ]

While the expression is valid pointer arithmetic, it does not make sense to me, because it calculates some (possibly negative) offset to the literal string "\r\n" in memory, not the address of the beginning of some line, as the comment `sep = copy(line)` suggests. (Originally added in commit [2]).

[1] https://git.openldap.org/openldap/openldap/-/blob/master/tests/progs/ldif-fi...
[2] https://git.openldap.org/openldap/openldap/-/commit/725743abdb
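
An added example, not part of the original report and not OpenLDAP's code: it shows which addresses the expression `"\r\n" + 2 - line_len` can legally take, written in the array-indexing form the compiler note suggests and with a range check. The helper names `crlf_tail` and `terminator_copy` are hypothetical, and the reading that `line_len` is the length of a bare line terminator is an assumption, since the report does not show the surrounding code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The literal "\r\n" is a char[3]: '\r', '\n', '\0'. */
static const char crlf[] = "\r\n";

/*
 * Return the last n bytes of "\r\n" as a C string:
 *   n == 0 -> "", n == 1 -> "\n", n == 2 -> "\r\n".
 * This is the same address as "\r\n" + 2 - n. For n > 2 the result
 * would point before the array (undefined behaviour), so it is rejected.
 */
const char *crlf_tail(size_t n)
{
    if (n > sizeof crlf - 1)
        return NULL;
    return &crlf[sizeof crlf - 1 - n];
}

/*
 * Hypothetical helper: if the buffer `line` of length line_len consists
 * only of a line terminator ("\n" or "\r\n"), return a static string with
 * the same bytes (a "copy" of the line); otherwise return NULL.
 */
const char *terminator_copy(const char *line, size_t line_len)
{
    const char *sep = crlf_tail(line_len);

    if (sep == NULL || line_len == 0)
        return NULL;
    return memcmp(line, sep, line_len) == 0 ? sep : NULL;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("CRLF line matched: %d\n", terminator_copy("\r\n", 2) != NULL);
    printf("data line matched: %d\n", terminator_copy("dn: cn=x\n", 9) != NULL);
    return 0;
}
```
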