Merged revisions 293159 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.8 ................ r293159 | jpeeler | 2010-10-28 11:11:08 -0500 (Thu, 28 Oct 2010) | 18 lines Merged revisions 293158 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ........ r293158 | jpeeler | 2010-10-28 11:09:40 -0500 (Thu, 28 Oct 2010) | 11 lines Fix infinite loop in FILTER(). Specifically when you're using characters above \x7f or invalid character escapes (e.g. \xgg). (closes issue #18060) Reported by: wdoekes Patches: issue18060_func_strings_filter_infinite_loop.patch uploaded by wdoekes (license 717) Tested by: wdoekes ........ ................ git-svn-id: http://svn.digium.com/svn/asterisk/trunk@293160 f38db490-d61c-443f-a65b-d21fe96a405b
2010-10-28 16:11:53 +00:00 · 2010-10-28 16:11:53 +00:00 · 4fa3407e83
parent 29c9b64e28
commit 4fa3407e83
1 changed files with 3 additions and 3 deletions
--- a/funcs/func_strings.c
+++ b/funcs/func_strings.c
@ -719,10 +719,10 @@ static int filter(struct ast_channel *chan, const char *cmd, char *parse, char *

 		if (*(args.allowed) == '-') {
 			if (ast_get_encoded_char(args.allowed + 1, &c2, &consumed))
-				c2 = -1;
+				c2 = c1;
 			args.allowed += consumed + 1;

-			if ((c2 < c1 || c2 == -1) && !ast_opt_dont_warn) {
+			if ((unsigned char) c2 < (unsigned char) c1 && !ast_opt_dont_warn) {
 				ast_log(LOG_WARNING, "Range wrapping in FILTER(%s,%s).  This may not be what you want.\n", parse, args.string);
 			}

@ -730,7 +730,7 @@ static int filter(struct ast_channel *chan, const char *cmd, char *parse, char *
 			 * Looks a little strange, until you realize that we can overflow
 			 * the size of a char.
 			 */
-			for (ac = c1; ac != c2; ac++) {
+			for (ac = (unsigned char) c1; ac != (unsigned char) c2; ac++) {
 				bitfield[ac / 32] |= 1 << (ac % 32);
 			}
 			bitfield[ac / 32] |= 1 << (ac % 32);