avoid out-of-bounds read for invalid quoted timezone

Parsing the timezone name must stop when reaching the null terminator. In that case, there is no '>' to skip.
author: Samuel Holland <samuel@sholland.org> 2020-02-22 16:01:12 -0600
committer: Rich Felker <dalias@aerifal.cx> 2020-03-21 12:24:40 -0400
commit: 8e452abae67db445fb6c3e37cd566c4788c2e8f3 (patch)
tree: e34d03b6e6bc02fa8ad72d3f85f48ed8b41077d3 /src
parent: 526df238d0d05fe4e8446720d9d0374646f82f82 (diff)
download: musl-8e452abae67db445fb6c3e37cd566c4788c2e8f3.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/time/__tz.c b/src/time/__tz.c
index 185642e8..a962960e 100644
--- a/src/time/__tz.c
+++ b/src/time/__tz.c
@@ -86,9 +86,9 @@ static void getname(char *d, const char **p)
 	int i;
 	if (**p == '<') {
 		++*p;
-		for (i=0; (*p)[i]!='>' && i<TZNAME_MAX; i++)
+		for (i=0; (*p)[i] && (*p)[i]!='>' && i<TZNAME_MAX; i++)
 			d[i] = (*p)[i];
-		++*p;
+		if ((*p)[i]) ++*p;
 	} else {
 		for (i=0; ((*p)[i]|32)-'a'<26U && i<TZNAME_MAX; i++)
 			d[i] = (*p)[i];
author	Samuel Holland <samuel@sholland.org>	2020-02-22 16:01:12 -0600
committer	Rich Felker <dalias@aerifal.cx>	2020-03-21 12:24:40 -0400
commit	8e452abae67db445fb6c3e37cd566c4788c2e8f3 (patch)
tree	e34d03b6e6bc02fa8ad72d3f85f48ed8b41077d3 /src
parent	526df238d0d05fe4e8446720d9d0374646f82f82 (diff)
download	musl-8e452abae67db445fb6c3e37cd566c4788c2e8f3.tar.gz