40e9fa1 Ticket 49471 - heap-buffer-overflow in ss_unescape

2 files Authored by tbordaz 3 years ago, Committed by mreynolds 3 years ago,
    Ticket 49471 - heap-buffer-overflow in ss_unescape
    Bug Description:
    	Two problems here
    		- when searching for wildcard and escape char, ss_unescape assumes the string
    		  is at least 3 chars longs. So memcmp can overflow a shorter string
    		- while splitting a string into substring pattern, it loops over
    		  wildcard and can overpass the string end
    Fix Description:
    	For the first problem, it checks the string size is long enough to memcmp
            a wildcard or an escape
    	For the second it exits from the loop  as soon as the end of the string is reached
    Reviewed by: William Brown
    Platforms tested: F23
    Flag Day: no
    Doc impact: no
    (cherry picked from commit 5991388ce75fba8885579b769711d57acfd43cd3)
    (cherry picked from commit 3fb1c408cb4065de8d9c0c1de050d08969d51bb0)