Avoid buffer overrun

On very long binding names (> 256 characters), a buffer overrun would be
triggered in janet_cfuns. Not a huge issue, since this is not really code
that would ever be user facing, but we can fix this.
Calvin Rose 2020-01-12 11:31:41 -06:00
parent a68ee7aac6
commit 2df8660f8b
2 changed files with 11 additions and 3 deletions


@ -21,7 +21,7 @@ janet could be embedded into other programs. Try janet in your browser at
## Use Cases
Janet makes a good system scripting language, or a language to embed in other programs. Think Lua or Guile.
Janet makes a good system scripting language, or a language to embed in other programs, like Lua or Guile.
## Features


@ -282,8 +282,16 @@ void janet_cfuns(JanetTable *env, const char *regprefix, const JanetReg *cfuns)
if (NULL != regprefix) {
int32_t nmlen = 0;
while (cfuns->name[nmlen]) nmlen++;
int32_t totallen = (int32_t) prefixlen + nmlen;
if ((size_t) totallen > bufsize) {
bufsize = (size_t) (totallen) + 128;
longname_buffer = realloc(longname_buffer, bufsize);
if (NULL == longname_buffer) {
JANET_OUT_OF_MEMORY;
}
}
memcpy(longname_buffer + prefixlen, cfuns->name, nmlen);
name = janet_wrap_symbol(janet_symbol(longname_buffer, (int32_t) prefixlen + nmlen));
name = janet_wrap_symbol(janet_symbol(longname_buffer, totallen));
} else {
name = janet_csymbolv(cfuns->name);
}
@ -316,7 +324,7 @@ typedef struct {
void janet_register_abstract_type(const JanetAbstractType *at) {
JanetAbstractTypeWrap *abstract = (JanetAbstractTypeWrap *)
janet_abstract(&type_wrap, sizeof(JanetAbstractTypeWrap));
janet_abstract(&type_wrap, sizeof(JanetAbstractTypeWrap));
abstract->at = at;
Janet sym = janet_csymbolv(at->name);
if (!(janet_checktype(janet_table_get(janet_vm_registry, sym), JANET_NIL))) {
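Review bot: In the janet_cfuns hunk the new bounds check does its arithmetic in `int32_t`: `(int32_t) prefixlen + nmlen` narrows `prefixlen` and can overflow before `(size_t) totallen > bufsize` is evaluated, so the guard depends on a value that may already have wrapped. Computing the sum at full width and rejecting oversized names before the `realloc` keeps the check sound for any input, e.g. `size_t totallen = prefixlen + (size_t) nmlen;` followed by an error path when `totallen > INT32_MAX`, with the cast to `int32_t` made only at the `janet_symbol` call. Separately, `longname_buffer = realloc(longname_buffer, bufsize);` is only safe if the buffer is heap-allocated and `JANET_OUT_OF_MEMORY` never returns. Both are presumably true, but the declarations sit outside the hunk, so a short comment such as `/* longname_buffer is malloc'd above; JANET_OUT_OF_MEMORY does not return */` would record the assumption. The body of janet_cfuns begins and ends outside the lines shown.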