From 50bfca986511c3ee17dc8328da30567fae74116a Mon Sep 17 00:00:00 2001
From: Michael Orlitzky
Date: Tue, 22 Oct 2024 06:40:07 -0400
Subject: [PATCH] src/svgtiny_css.c: empty substrings don't match anything in CSS

The _node_has_attribute_substring() function is responsible for handling foo[bar*=baz] selectors. It returns "match" by reference, but there's a special case early on for the empty substring that did not set *match to false. This could lead to it being used ininitialized by the caller.
---
 src/svgtiny_css.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/svgtiny_css.c b/src/svgtiny_css.c
index 4856ac3..bdd12b3 100644
--- a/src/svgtiny_css.c
+++ b/src/svgtiny_css.c
@@ -1216,6 +1216,7 @@ static css_error _node_has_attribute_substring(void *pw, void *node,
 if (substrlen == 0) {
 /* In this case, the spec says that "if 'val' is the
 * empty string, it will never represent anything." */
+ *match = false;
 return CSS_OK;
 }
--
2.49.0
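Review bot: Setting `*match = false;` only inside the `substrlen == 0` branch leaves the out-parameter contract dependent on each exit path remembering to write it; a single `*match = false;` at the top of _node_has_attribute_substring(), before the empty-substring check, would cover this branch and any other early `return CSS_OK;`. The function begins and ends outside the hunk, so whether its remaining return paths always assign *match cannot be confirmed from here. If the sibling attribute handlers in src/svgtiny_css.c (prefix and suffix matching, if present) carry the same empty-string special case, they are worth checking for the same omission. A regression test that parses a stylesheet containing an empty `*=` value under MemorySanitizer or Valgrind would keep the uninitialised read of `match` from returning unnoticed.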