From 2574615fa3c9c2d36b9393508bc071ef2f759e87 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Sat, 7 Sep 2019 23:21:01 +0200
Subject: [PATCH] util/UriRelative: use StringAfterPrefix() instead of memcmp()

memcmp() can overrun the buffer.
---
 src/util/UriRelative.cxx | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/util/UriRelative.cxx b/src/util/UriRelative.cxx
index 7d4234693..36d2ba633 100644
--- a/src/util/UriRelative.cxx
+++ b/src/util/UriRelative.cxx
@@ -29,6 +29,7 @@
 #include "UriRelative.hxx"
 #include "StringAPI.hxx"
+#include "StringCompare.hxx"
 #include
 #include
@@ -42,9 +43,9 @@ uri_is_child(const char *parent, const char *child) noexcept
 assert(child != nullptr);
 #endif
- const size_t parent_length = strlen(parent);
- return memcmp(parent, child, parent_length) == 0 &&
- child[parent_length] == '/';
+ const char *suffix = StringAfterPrefix(child, parent);
+ return suffix != nullptr &&
+ *suffix == '/';
 }
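Review bot: Nothing in this commit pins the fixed behaviour in the second hunk: the diffstat lists one changed file, so no test covers a `child` shorter than `parent`, which is the case where the removed `memcmp(parent, child, parent_length)` read past the end of `child`. A test asserting that `uri_is_child("/foo/bar", "/foo")` is false (constructed values), run under a memory sanitizer, would keep the over-read from returning. The call `StringAfterPrefix(child, parent)` passes the arguments in the reverse of this function's `(parent, child)` order, so a comment such as `// remainder of child after the parent prefix, or nullptr if parent is not a prefix` would help the next reader. StringAfterPrefix is defined outside this patch, so that it stops at `child`'s terminator is assumed here rather than shown. The opening of uri_is_child lies outside the hunk.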