diff options
| author | Neil <nyamatongwe@gmail.com> | 2017-03-07 15:54:33 +1100 |
|---|---|---|
| committer | Neil <nyamatongwe@gmail.com> | 2017-03-07 15:54:33 +1100 |
| commit | 25acad3cbc9b56dd0f006e32c94d56824f1669db (patch) | |
| tree | 019f0f646e7e954342ecdb254c941d75067cdcea /src | |
| parent | 996f8a51b5c4138baf95a032e5dc0901c80485f2 (diff) | |
| download | scintilla-mirror-25acad3cbc9b56dd0f006e32c94d56824f1669db.tar.gz | |
Avoid potential problems with memcmp reading past end of object.
Diffstat (limited to 'src')
| -rw-r--r-- | src/Document.cxx | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/Document.cxx b/src/Document.cxx index e7bb9c009..f302533dc 100644 --- a/src/Document.cxx +++ b/src/Document.cxx @@ -1887,7 +1887,7 @@ long Document::FindText(int minPos, int maxPos, const char *search, } } else if (SC_CP_UTF8 == dbcsCodePage) { const size_t maxFoldingExpansion = 4; - std::vector<char> searchThing(lengthFind * UTF8MaxBytes * maxFoldingExpansion + 1); + std::vector<char> searchThing((lengthFind+1) * UTF8MaxBytes * maxFoldingExpansion + 1); const int lenSearch = static_cast<int>( pcf->Fold(&searchThing[0], searchThing.size(), search, lengthFind)); char bytes[UTF8MaxBytes + 1]; @@ -1914,6 +1914,8 @@ long Document::FindText(int minPos, int maxPos, const char *search, break; const int lenFlat = static_cast<int>(pcf->Fold(folded, sizeof(folded), bytes, widthChar)); folded[lenFlat] = 0; + // memcmp may examine lenFlat bytes in both arguments so assert it doesn't read past end of searchThing + assert(static_cast<size_t>(indexSearch + lenFlat) <= searchThing.size()); // Does folded match the buffer characterMatches = 0 == memcmp(folded, &searchThing[0] + indexSearch, lenFlat); if (!characterMatches) @@ -1939,7 +1941,7 @@ long Document::FindText(int minPos, int maxPos, const char *search, } else if (dbcsCodePage) { const size_t maxBytesCharacter = 2; const size_t maxFoldingExpansion = 4; - std::vector<char> searchThing(lengthFind * maxBytesCharacter * maxFoldingExpansion + 1); + std::vector<char> searchThing((lengthFind+1) * maxBytesCharacter * maxFoldingExpansion + 1); const int lenSearch = static_cast<int>( pcf->Fold(&searchThing[0], searchThing.size(), search, lengthFind)); while (forward ? (pos < endPos) : (pos >= endPos)) { @@ -1959,6 +1961,8 @@ long Document::FindText(int minPos, int maxPos, const char *search, char folded[maxBytesCharacter * maxFoldingExpansion + 1]; const int lenFlat = static_cast<int>(pcf->Fold(folded, sizeof(folded), bytes, widthChar)); folded[lenFlat] = 0; + // memcmp may examine lenFlat bytes in both arguments so assert it doesn't read past end of searchThing + assert(static_cast<size_t>(indexSearch + lenFlat) <= searchThing.size()); // Does folded match the buffer characterMatches = 0 == memcmp(folded, &searchThing[0] + indexSearch, lenFlat); indexDocument += widthChar; |