From bf3fff1a9ed39d005f36db43c9893697e0a006a3 Mon Sep 17 00:00:00 2001
From: Branislav Rankov
Date: Thu, 12 Oct 2017 15:08:42 +0200
Subject: libutils: Fix bug in strstr16.

In the original code when target is an empty string strlen16() would start reading the memory until a "terminating null" (that is, zero) character is found. This may happen because "*target++", at line 300, would increment the pointer beyond the actual string.

Signed-off-by: Branislav Rankov
Signed-off-by: Tamas Petz
Test: libutils_tests --gtest_filter=UnicodeTest.strstr16*
Change-Id: I213ffe061057c7fa8f34b68881e106a709557dcd
---
 libutils/Unicode.cpp | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)
(limited to 'libutils/Unicode.cpp')
diff --git a/libutils/Unicode.cpp b/libutils/Unicode.cpp
index 5fd915524..e7520a8e8 100644
--- a/libutils/Unicode.cpp
+++ b/libutils/Unicode.cpp
@@ -297,23 +297,22 @@ size_t strnlen16(const char16_t *s, size_t maxlen)
 char16_t* strstr16(const char16_t* src, const char16_t* target)
 {
- const char16_t needle = *target++;
- const size_t target_len = strlen16(target);
- if (needle != '\0') {
- do {
+ const char16_t needle = *target;
+ if (needle == '\0') return (char16_t*)src;
+
+ const size_t target_len = strlen16(++target);
+ do {
 do {
- if (*src == '\0') {
- return nullptr;
- }
+ if (*src == '\0') {
+ return nullptr;
+ }
 } while (*src++ != needle);
- } while (strncmp16(src, target, target_len) != 0);
- src--;
- }
+ } while (strncmp16(src, target, target_len) != 0);
+ src--;
 return (char16_t*)src;
 }
-
 int strzcmp16(const char16_t *s1, size_t n1, const char16_t *s2, size_t n2)
 {
 const char16_t* e1 = s1+n1;
-- 
cgit v1.2.3
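Review bot: The early return for an empty `target` in strstr16 is the only thing keeping `strlen16(++target)` from measuring memory past the terminator, but nothing in the new code says the order is load-bearing, so a later cleanup could hoist the length computation above the check and reintroduce the over-read. I would put a comment on the check, for example `// Empty target: return before advancing; nothing past its terminator may be read.`, and brace the one-line `if` to match the braced style used in the rest of the function. The outer loop still passes `src` to strncmp16 with `target_len` when fewer than `target_len` units may remain in `src`; that is safe only if strncmp16 stops at the first NUL in its first argument, which this hunk does not show and is worth confirming. The diffstat lists only Unicode.cpp, so if the UnicodeTest.strstr16 cases named in the message do not already cover an empty target, a regression test for it belongs with this fix.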