fix heap-buffer-overflow (#957)

Prevent incrementing passed a `\0` in our format string. Co-authored-by: Michael Grunder <michael.grunder@gmail.com> Co-authored-by: Kristján Valur Jónsson <sweskman@gmail.com>
2022-09-02 04:45:28 +08:00 · 2022-09-02 04:45:28 +08:00 · bc8d837b72
parent ca4a0e850b
commit bc8d837b72
1 changed files with 2 additions and 0 deletions
--- a/hiredis.c
+++ b/hiredis.c
@ -485,6 +485,8 @@ int redisvFormatCommand(char **target, const char *format, va_list ap) {

            touched = 1;
            c++;
+            if (*c == '\0')
+                break;
        }
        c++;
    }