summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaz Kylheku <kaz@kylheku.com>2019-09-12 06:55:22 -0700
committerKaz Kylheku <kaz@kylheku.com>2019-09-12 06:55:22 -0700
commitead7c462846401cd3cb9e770b6ab1bae2fa9d7bb (patch)
tree06cb7278abcd8f8004874be85834bcbe5be347c9
parent2f1fdf30d8319994069326976865190561503600 (diff)
downloadtxr-ead7c462846401cd3cb9e770b6ab1bae2fa9d7bb.tar.gz
txr-ead7c462846401cd3cb9e770b6ab1bae2fa9d7bb.tar.bz2
txr-ead7c462846401cd3cb9e770b6ab1bae2fa9d7bb.zip
Improve overflow checks in string catenation.
* lib.c (cat_str, vscat): Use size_t type for the total, so that the wrapping behavior we depend on for overflow detection is well-defined. Also, there was an overflow check missing for the total + 1 beign passed to chk_wmalloc. Instead of adding that overflow check, let's just start the total at 1.
-rw-r--r--lib.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/lib.c b/lib.c
index 467b1785..90137512 100644
--- a/lib.c
+++ b/lib.c
@@ -3896,7 +3896,7 @@ val replace_str(val str_in, val items, val from, val to)
val cat_str(val list, val sep)
{
- cnum total = 0;
+ size_t total = 1;
val iter;
wchar_t *str, *ptr;
wchar_t onech[] = wini(" ");
@@ -3917,7 +3917,7 @@ val cat_str(val list, val sep)
if (!item)
continue;
if (stringp(item)) {
- cnum ntotal = total + c_num(length_str(item));
+ size_t ntotal = total + c_num(length_str(item));
if (len_sep && cdr(iter))
ntotal += len_sep;
@@ -3930,7 +3930,7 @@ val cat_str(val list, val sep)
continue;
}
if (chrp(item)) {
- cnum ntotal = total + 1;
+ size_t ntotal = total + 1;
if (len_sep && cdr(iter))
ntotal += len_sep;
@@ -3946,7 +3946,7 @@ val cat_str(val list, val sep)
item, nao);
}
- str = chk_wmalloc(total + 1);
+ str = chk_wmalloc(total);
for (ptr = str, iter = list; iter != nil; iter = cdr(iter)) {
val item = car(iter);
@@ -3976,7 +3976,7 @@ oflow:
static val vscat(val sep, va_list vl1, va_list vl2)
{
- cnum total = 0;
+ size_t total = 1;
val item, next;
wchar_t *str, *ptr;
cnum len_sep = (!null_or_missing_p(sep)) ? c_num(length_str(sep)) : 0;
@@ -3986,7 +3986,7 @@ static val vscat(val sep, va_list vl1, va_list vl2)
next = va_arg(vl1, val);
if (stringp(item)) {
- cnum ntotal = total + c_num(length_str(item));
+ size_t ntotal = total + c_num(length_str(item));
if (len_sep && next != nao)
ntotal += len_sep;
@@ -3999,7 +3999,7 @@ static val vscat(val sep, va_list vl1, va_list vl2)
continue;
}
if (chrp(item)) {
- cnum ntotal = total + 1;
+ size_t ntotal = total + 1;
if (len_sep && next != nao)
ntotal += len_sep;
@@ -4015,7 +4015,7 @@ static val vscat(val sep, va_list vl1, va_list vl2)
item, nao);
}
- str = chk_wmalloc(total + 1);
+ str = chk_wmalloc(total);
for (ptr = str, item = va_arg(vl2, val); item != nao; item = next)
{