Bugfix: the fl_string_dynamic_terminate() function is not correctly checking the...
authorKevin Day <thekevinday@gmail.com>
Tue, 29 Sep 2020 02:44:18 +0000 (21:44 -0500)
committerKevin Day <thekevinday@gmail.com>
Tue, 29 Sep 2020 02:44:18 +0000 (21:44 -0500)
In the case of when the array is not allocated (size == 0), the terminate is still checking the string index.
This is an invalid read.

Also, the logic is reversed on the string index read.
The check needs to be "!0" instead of "0".

level_1/fl_string/c/string.c

index 6cc775c9e24c0e583736a670c39aeadfd7163207..ddd83af14d9e5bfbfec18c62ff2e15d02ab4fc63 100644 (file)
@@ -1090,9 +1090,13 @@ extern "C" {
       if (destination->used > destination->size) return F_status_set_error(F_parameter);
     #endif // _di_level_1_parameter_checking_
 
-    if (!destination->used && destination->string[destination->used - 1]) return F_none;
+    if (!destination->used && destination->size && !destination->string[destination->used - 1]) {
+      return F_none;
+    }
 
-    if (destination->used == f_string_length_t_size) return F_status_set_error(F_string_too_large);
+    if (destination->used == f_string_length_t_size) {
+      return F_status_set_error(F_string_too_large);
+    }
 
     const f_string_length_t total = destination->used + 1;
 
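Review bot: The rewritten early-return check still indexes `destination->string[destination->used - 1]` only when `!destination->used` holds, so the index is `0 - 1` and the read falls outside the buffer whenever `size` is non-zero. If `f_string_length_t` is unsigned (not visible here), that index wraps to the maximum value. The added `destination->size` test covers only the unallocated case described in the commit message, so the invalid read remains for an allocated but empty string. The intent looks like "last used byte is already NUL, nothing to do", which needs the test on `used` inverted: `if (destination->used && !destination->string[destination->used - 1]) {`. The function body starts and ends outside this hunk, so confirm that the path after `total` still handles `used == 0` correctly once the guard changes.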
@@ -1124,7 +1128,9 @@ extern "C" {
       } // for
     }
 
-    if (destination->used == f_string_length_t_size) return F_status_set_error(F_string_too_large);
+    if (destination->used == f_string_length_t_size) {
+      return F_status_set_error(F_string_too_large);
+    }
 
     const f_string_length_t total = destination->used + 1;