From 2888850684062a057a526555e7209bf32d788b17 Mon Sep 17 00:00:00 2001
From: Ruben Carlo Benante
Date: Fri, 22 May 2026 20:36:53 -0300
Subject: [PATCH] IMPROVES-i4 strnlen() caps shit11()
---
 lib11sht.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib11sht.c b/lib11sht.c
index 342d149..1a1f2c0 100644
--- a/lib11sht.c
+++ b/lib11sht.c
@@ -93,14 +93,20 @@ static float shit11(char *s1, char *s2)
 int len1, len2;
 int i, j, cost;
- len1 = strlen(s1);
- len2 = strlen(s2);
+ /* strnlen guards against missing NUL (no read past LEVN_SBUFF) */
+ len1 = (int)strnlen(s1, LEVN_SBUFF);
+ len2 = (int)strnlen(s2, LEVN_SBUFF);
 if(len1 == 0 && len2 == 0)
 return 1.0; /* both empty == identical */
 if(len1 == 0 || len2 == 0)
 return 0.0; /* one empty == no similarity */
+ /* Defensive cap: refuse to allocate too-large VLA. Bounds the stack
+ * matrix at LEVN_SBUFF × LEVN_SBUFF × sizeof(int) = ~256 KB worst case. */
+ if(len1 >= LEVN_SBUFF || len2 >= LEVN_SBUFF)
+ return 0.0; /* treat as "completely dissimilar" */
+
 int d[len1+1][len2+1];
 for(i=0; i<=len1; i++)
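Review bot: The new cap in front of `int d[len1+1][len2+1];` bounds the VLA but still lets it grow to the ~256 KB the added comment quotes, and a VLA that exceeds the available stack has no error path, so a caller running on a small thread stack can still crash on inputs the cap accepts. Allocating the matrix on the heap keeps the `d[i][j]` indexing and gives a checkable failure: `int (*d)[len2+1] = malloc(sizeof(int[len1+1][len2+1]));` followed by `if(d == NULL) return 0.0;`, with a `free(d)` before each return; those returns are in the part of shit11 that lies outside this hunk, and `<stdlib.h>` has to be included if the file does not already do so. The comment on the `strnlen` lines holds only if every caller passes buffers of at least LEVN_SBUFF bytes, which the hunk does not show. Returning 0.0 for over-long input also makes two identical long strings score as completely dissimilar, so the function's header comment should state that limit for callers that act on the score.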