Issue #32: Global buffer read overflow in `GetOrderFromCodePoint`.

author: Jehan <jehan@girinstud.io> 2023-07-17 16:39:52 +0200
committer: Jehan <jehan@girinstud.io> 2023-07-17 16:39:52 +0200
commit: bc93da89d91e22a6317d89cee134d1fb1fd0633b (patch)
tree: 8efeca4f8e4ff61b79d47a297e8def39b8ed4eb4
parent: bd983ca108a1c493465270702c02bbbe792ea0ed (diff)
1 files changed, 8 insertions, 13 deletions
diff --git a/src/nsLanguageDetector.cpp b/src/nsLanguageDetector.cpp
index 1cce160..2523c4d 100644
--- a/src/nsLanguageDetector.cpp
+++ b/src/nsLanguageDetector.cpp
@@ -247,31 +247,26 @@ const char* nsLanguageDetector::GetLanguage()
 
 int nsLanguageDetector::GetOrderFromCodePoint(int codePoint)
 {
-  int max = mModel->charOrderTableSize;
+  int min = 0;
+  int max = mModel->charOrderTableSize - 1;
   int i   = max / 2;
-  int c   = mModel->charOrderTable[i * 2];
+  int c;
 
   while ((c = mModel->charOrderTable[i * 2]) != codePoint)
   {
     if (c > codePoint)
     {
-      if (i == 0)
+      if (i == min)
         break;
       max = i - 1;
-      i = i / 2;
-    }
-    else if (i < max - 1)
-    {
-      i += (max - i) / 2;
-    }
-    else if (i == max - 1)
-    {
-      i = max;
     }
     else
     {
-      break;
+      if (i == max)
+        break;
+      min = i + 1;
     }
+    i = min + (max - min) / 2;
   }
 
   return (c == codePoint) ? mModel->charOrderTable[i * 2 + 1] : -1;
author	Jehan <jehan@girinstud.io>	2023-07-17 16:39:52 +0200
committer	Jehan <jehan@girinstud.io>	2023-07-17 16:39:52 +0200
commit	bc93da89d91e22a6317d89cee134d1fb1fd0633b (patch)
tree	8efeca4f8e4ff61b79d47a297e8def39b8ed4eb4
parent	bd983ca108a1c493465270702c02bbbe792ea0ed (diff)