zakarya/puzzles
1
0
Fork 0
mirror of git://git.tartarus.org/simon/puzzles.git synced 2025-04-21 08:01:30 -07:00
Code Issues Packages Projects Releases Wiki Activity

Fix bounds check in buffer_append.

Browse Source 
We're about to append one character to the buffer _and_ put a \0 after
it, so we need the buffer to be at least _two_ characters longer than
where the current position is.

I think this bug would have had a hard time showing up in normal use,
but I managed to trigger it by completely messing up a prototype
Emscripten preferences implementation, and a good thing too.
This commit is contained in:
Simon Tatham
2023-04-24 09:56:35 +01:00
parent bf453043db
commit 12b2608b24
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
midend.c
View File

@ -3020,7 +3020,7 @@ struct buffer {
static void buffer_append(struct buffer *buf, char c) static void buffer_append(struct buffer *buf, char c)
{ {
if (buf->len + 1 > buf->size) { if (buf->len + 2 > buf->size) {
size_t new_size = buf->size + buf->size / 4 + 128; size_t new_size = buf->size + buf->size / 4 + 128;
assert(new_size > buf->size); assert(new_size > buf->size);
buf->data = sresize(buf->data, new_size, char); buf->data = sresize(buf->data, new_size, char);