#37: corrected buffer overflow in string allocation

This commit is contained in:
Louis Rubet 2017-04-15 19:34:01 +02:00
parent 7e4321dd38
commit ccca25ab24
2 changed files with 10 additions and 5 deletions


@ -5,13 +5,17 @@ void instr()
// stringify only if not already a string // stringify only if not already a string
if (_stack->get_type(0) != cmd_string) if (_stack->get_type(0) != cmd_string)
{ {
// write the object in stack(0) in a string and remove this obj
stringstream out; stringstream out;
((object*)_stack->back())->show(out); ((object*)_stack->back())->show(out);
_stack->pop_back(); _stack->pop_back();
ostring str; // reserve the correct size in stack
str.set(out.str().c_str(), out.str().size()); _stack->push_back(NULL, out.str().size(), cmd_string, true);
_stack->push_back(&str, str.size(), cmd_string);
// fill the obj
ostring* str = (ostring*)_stack->get_obj(0);
str->set(out.str().c_str(), out.str().size());
} }
} }
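Review bot: The reservation on the new `_stack->push_back(NULL, out.str().size(), cmd_string, true)` line covers only the character bytes, yet the slot is then treated as an `ostring` and filled with `str->set(out.str().c_str(), out.str().size())`; if `ostring` stores a length field ahead of the characters or `set` writes a terminating NUL, the reserved region is short by that much and the overflow this commit is meant to close remains. The layout of `ostring` is not in the hunk, so confirm against `ostring::set` and, if the object carries a header, reserve `sizeof(ostring) + out.str().size()` (or whatever `set` actually writes). Independently, `out.str()` is evaluated three times and builds a fresh copy each time; hoisting it once with `const string s = out.str();` and using `s.size()`/`s.c_str()` below keeps the two sizes trivially identical. `instr()` begins before this hunk.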


@ -35,7 +35,7 @@ public:
} }
virtual ~stack() { free(_base); } virtual ~stack() { free(_base); }
void push_back(void* obj, unsigned int size, int type = 0) void push_back(void* obj, unsigned int size, int type = 0, bool dont_copy = false)
{ {
if (_current + size > _base + _total_size) if (_current + size > _base + _total_size)
{ {
@ -44,6 +44,7 @@ public:
_base = (char*)realloc(_base, _total_size); _base = (char*)realloc(_base, _total_size);
} }
if (!dont_copy)
memcpy(_current, obj, size); memcpy(_current, obj, size);
_vlen.push_back(size); _vlen.push_back(size);
_vpointer.push_back(_current); _vpointer.push_back(_current);
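Review bot: With the new `dont_copy` path in `push_back`, the `size` bytes at `_current` are left with whatever `realloc` returned while `_vlen` and `_vpointer` already publish them as a live object, so any read of stack(0) before the caller fills it sees indeterminate memory; the contract should be stated on the signature, e.g. `// dont_copy: reserve 'size' bytes without writing them; the caller must fill the slot through get_obj(0) before anything reads it`. Two related smaller points: `obj` is ignored when `dont_copy` is set, so callers passing a non-null pointer there get no warning, and a negative flag name reads awkwardly at call sites (`reserve_only` would say what it does). The unchecked `_base = (char*)realloc(...)` on the line above the new branch predates this change but is on the path every reservation takes; a null result there leaves `_base` null while `_total_size` still claims the capacity.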