mirrors/janet
1
0
Fork 0
mirror of https://github.com/janet-lang/janet synced 2024-11-05 00:06:16 +00:00
Code Issues 1 Releases Wiki Activity

Fix use after free in buffer/push-string.

Browse Source
This commit is contained in:
Andrew Chambers 2019-05-08 20:08:20 +12:00 committed by Calvin Rose
parent fff60b053b
commit 1759252071
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/core/buffer.c
View File

@ -208,6 +208,16 @@ static Janet cfun_buffer_chars(int32_t argc, Janet *argv) {
JanetBuffer *buffer = janet_getbuffer(argv, 0); JanetBuffer *buffer = janet_getbuffer(argv, 0);
for (i = 1; i < argc; i++) { for (i = 1; i < argc; i++) {
JanetByteView view = janet_getbytes(argv, i); JanetByteView view = janet_getbytes(argv, i);
if (janet_checktype(argv[i], JANET_BUFFER)) {
JanetBuffer *other = janet_getbuffer(argv, i);
if (buffer == other) {
JanetBuffer *tmp = janet_buffer(buffer->count);
janet_buffer_setcount(tmp, buffer->count);
memcpy(tmp->data, buffer->data, buffer->count);
view.bytes = tmp->data;
view.len = tmp->count;
}
}
janet_buffer_push_bytes(buffer, view.bytes, view.len); janet_buffer_push_bytes(buffer, view.bytes, view.len);
} }
return argv[0]; return argv[0];

9
test/suite3.janet
View File

@ -170,6 +170,15 @@
(assert (= 8 (length b3)) "buffer/push-word 3") (assert (= 8 (length b3)) "buffer/push-word 3")
(assert (= "\xFF\xFF\xFF\xFF\0\x11\0\0" (string b3)) "buffer/push-word 4") (assert (= "\xFF\xFF\xFF\xFF\0\x11\0\0" (string b3)) "buffer/push-word 4")
# Buffer push string
(def b4 (buffer/new-filled 10 0))
(buffer/push-string b4 b4)
(assert (= "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" (string b4)) "buffer/push-buffer 1")
(def b5 @"123")
(buffer/push-string b5 "456" @"789")
(assert (= "123456789" (string b5)) "buffer/push-buffer 2")
# Peg # Peg
(defn check-match (defn check-match