From ede3f5e4662e1e0e0ea711a5ff26451565166868 Mon Sep 17 00:00:00 2001
From: "Anna (navi) Figueiredo Gomes"
Date: Wed, 18 Sep 2024 01:54:34 +0200
Subject: [PATCH] librc: Use proper string length in file_regex.

Currently the code uses the total size of the buffer as the bounds for looping \0 separated fields, which leads to reading uninitialized data and possibly overrun the buffer during regexec. Observed on musl while matching /proc/cpuinfo.
---
 src/librc/librc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/librc/librc.c b/src/librc/librc.c
index db79315d9..b54496410 100644
--- a/src/librc/librc.c
+++ b/src/librc/librc.c
@@ -175,7 +175,7 @@ file_regex(const char *file, const char *regex)
 {
 	FILE *fp;
 	char *line = NULL;
-	size_t len = 0;
+	size_t size = 0, len = 0;
 	regex_t re;
 	bool retval = true;
 	int result;
@@ -192,7 +192,7 @@ file_regex(const char *file, const char *regex)
 		return false;
 	}
 
-	while ((rc_getline(&line, &len, fp))) {
+	while ((len = rc_getline(&line, &size, fp))) {
 		char *str = line;
 		/* some /proc files have \0 separated content so we have to loop through the 'line' */
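Review bot: The new condition `while ((len = rc_getline(&line, &size, fp)))` stores the return value in the `size_t len` declared in the first hunk, so if rc_getline follows getline's convention and reports a read error with -1, `len` becomes SIZE_MAX, the loop does not stop, and the \0-separated field walk below is handed a bound far larger than the buffer — the same overrun class this commit sets out to fix. rc_getline's definition is not part of this patch, so this hinges on whether it can ever return a negative value; if it can, change the declaration to `size_t size = 0; ssize_t len;` and write the condition as `while ((len = rc_getline(&line, &size, fp)) > 0) {`. A short comment telling the two counters apart would also help the next reader, e.g. `/* size: buffer capacity managed by rc_getline; len: bytes read for this line */`. file_regex continues past the end of the hunk, including the loop body that consumes `len`.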