cpp/openttd-patchpack/source Changeset - r28375:2cad5fe66365

Changeset - r28375:2cad5fe66365

Parent rev.

Child rev.

[Not reviewed]

master

0 3 0

Jonathan G Rennison - 4 months ago 2024-01-01 18:26:31
j.g.rennison@gmail.com

Fix #11644: Off by one error/buffer over-read in StrMakeValid (#11645)

* Fix #11644: Off by one error in StrMakeValid UTF-8 decode overrun detection

* Fix #11644: Off by one error in StrMakeValid buffer last character

* Fix: Unnecessary string duplication at StrMakeValid call sites

3 files changed with 6 insertions and 4 deletions:

src/fileio.cpp

src/ini_load.cpp

src/string.cpp

0 comments (0 inline, 0 general)

src/fileio.cpp

➞

Show inline comments

@@ @@ -486,7 +486,7 @@ static std::string ExtractString(char *b @@
+{
 	size_t length = 0;
 	for (; length < buffer_length && buffer[length] != '\0'; length++) {}
-	return StrMakeValid(std::string(buffer, length));
+	return StrMakeValid(std::string_view(buffer, length));
+}
 bool TarScanner::AddFile(const std::string &filename, size_t, [[maybe_unused]] const std::string &tar_filename)

src/ini_load.cpp

➞

Show inline comments

@@ @@ -284,7 +284,7 @@ void IniLoadFile::LoadFromDisk(const std @@
 			if (!quoted && e == t) {
 				item.value.reset();
 			} else {
-				item.value = StrMakeValid(std::string(t));
+				item.value = StrMakeValid(std::string_view(t));
+			}
 		} else {
 			/* it's an orphan item */

src/string.cpp

➞

Show inline comments

@@ @@ -141,7 +141,7 @@ static void StrMakeValid(T &dst, const c @@
 		 * would also reach the "last" byte of the string and a normal '\0'
 		 * termination will be placed after it.
 		 */
 		if (len == 0 || str + len > last || len != Utf8Decode(&c, str)) {
+		if (len == 0 || str + len > last + 1 || len != Utf8Decode(&c, str)) {
 			/* Maybe the next byte is still a valid character? */
 			str++;
 			continue;
@@ @@ -211,8 +211,10 @@ void StrMakeValidInPlace(char *str, Stri @@
  */
 std::string StrMakeValid(std::string_view str, StringValidationSettings settings)
+{
 	if (str.empty()) return {};
 	auto buf = str.data();
 	auto last = buf + str.size();
+	auto last = buf + str.size() - 1;
 	std::ostringstream dst;
 	std::ostreambuf_iterator<char> dst_iter(dst);

0 comments (0 inline, 0 general)