diff options
| author | Albrecht Schlosser <albrechts.fltk@online.de> | 2015-11-03 15:08:54 +0000 |
|---|---|---|
| committer | Albrecht Schlosser <albrechts.fltk@online.de> | 2015-11-03 15:08:54 +0000 |
| commit | 2aae73febc8549adee578ecf23273ecce7a390b8 (patch) | |
| tree | 663d53e979d8ace9c78205435f586d2fa7cd5f94 /fluid | |
| parent | 2f7e5487b2dab6087eab8cdc243e81cc6d049cf9 (diff) | |
Fix out-of-bounds memory access in fluid (STR #3263).
git-svn-id: file:///fltk/svn/fltk/branches/branch-1.3@10880 ea41ed52-d2ee-0310-a9c1-e6b18d33e121
Diffstat (limited to 'fluid')
| -rw-r--r-- | fluid/code.cxx | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/fluid/code.cxx b/fluid/code.cxx index 37f134bb7..50faff532 100644 --- a/fluid/code.cxx +++ b/fluid/code.cxx @@ -151,16 +151,17 @@ int varused_test; int varused; // write an array of C characters (adds a null): -void write_cstring(const char *w, int length) { +void write_cstring(const char *s, int length) { if (varused_test) { varused = 1; return; } - const char *e = w+length; + const char *p = s; + const char *e = s+length; int linelength = 1; putc('\"', code_file); - for (; w < e;) { - int c = *w++; + for (; p < e;) { + int c = *p++; switch (c) { case '\b': c = 'b'; goto QUOTED; case '\t': c = 't'; goto QUOTED; @@ -177,7 +178,7 @@ void write_cstring(const char *w, int length) { linelength += 2; break; case '?': // prevent trigraphs by writing ?? as ?\? - if (*(w-2) == '?') goto QUOTED; + if (p-2 >= s && *(p-2) == '?') goto QUOTED; // else fall through: default: if (c >= ' ' && c < 127) { @@ -205,8 +206,8 @@ void write_cstring(const char *w, int length) { // We must not put more numbers after it, because some C compilers // consume them as part of the quoted sequence. Use string constant // pasting to avoid this: - c = *w; - if (w < e && ( (c>='0'&&c<='9') || (c>='a'&&c<='f') || (c>='A'&&c<='F') )) { + c = *p; + if (p < e && ( (c>='0'&&c<='9') || (c>='a'&&c<='f') || (c>='A'&&c<='F') )) { putc('\"', code_file); linelength++; if (linelength >= 79) {fputs("\n",code_file); linelength = 0;} putc('\"', code_file); linelength++; @@ -218,7 +219,7 @@ void write_cstring(const char *w, int length) { } // write a C string, quoting characters if necessary: -void write_cstring(const char *w) {write_cstring(w,strlen(w));} +void write_cstring(const char *s) {write_cstring(s,strlen(s));} // write an array of C binary data (does not add a null): void write_cdata(const char *s, int length) { |