Bugfix: add buffer overflow checks

author Kevin Day <kevin@kevux.org>

Tue, 20 Mar 2012 03:10:50 +0000 (22:10 -0500)

committer Kevin Day <kevin@kevux.org>

Tue, 20 Mar 2012 03:10:50 +0000 (22:10 -0500)
author Kevin Day <kevin@kevux.org>
Tue, 20 Mar 2012 03:10:50 +0000 (22:10 -0500)
committer Kevin Day <kevin@kevux.org>
Tue, 20 Mar 2012 03:10:50 +0000 (22:10 -0500)
diff --git a/level_1/fl_fss/c/fss_basic.c b/level_1/fl_fss/c/fss_basic.c

index 1db7f0eb2ce2146fddd22a68c712308c145e488d..d4c8610249ea648a21e4c13591fb44897aef51ff 100644 (file)
--- a/level_1/fl_fss/c/fss_basic.c
+++ b/level_1/fl_fss/c/fss_basic.c
@@ -300,7 +300,7 @@ extern "C"{
      if (buffer.string[input->start] == f_fss_delimit_slash) {
        f_string_length delimit_slash_count = 0;
  
-      while (input->start <= input->stop) {
+      while (input->start <= input->stop && input->start < buffer.used) {
          if (buffer.string[input->start] == f_fss_delimit_placeholder) {
            input->start++;
            continue;
@@ -348,7 +348,7 @@ extern "C"{
        input->start++;
      }
  
-    while (input->start <= input->stop) {
+    while (input->start <= input->stop && input->start < buffer.used) {
        if (buffer.string[input->start] == f_fss_delimit_placeholder) {
          input->start++;
          continue;
@@ -357,11 +357,11 @@ extern "C"{
  
          input->start++;
  
-        while (input->start <= input->stop && isspace(buffer.string[input->start])) {
+        while (input->start <= input->stop && input->start < buffer.used && isspace(buffer.string[input->start])) {
            input->start++;
          } // while
  
-        if (input->start > input->stop) {
+        if (input->start > input->stop || input->start >= buffer.used) {
            object->string[first_space] = f_fss_basic_open;
            object->used = object_position.stop + 1;
            break;
@@ -374,7 +374,7 @@ extern "C"{
          object->string[object_position.stop] = f_fss_delimit_double_quote;
          object_position.stop++;
  
-        while (input->start <= input->stop) {
+        while (input->start <= input->stop && input->start < buffer.used) {
            if (buffer.string[input->start] == f_fss_delimit_placeholder) {
              input->start++;
              continue;
@@ -400,7 +400,7 @@ extern "C"{
  
                fl_macro_fss_skip_past_delimit_placeholders(buffer, (*input));
  
-              if (input->start > input->stop) {
+              if (input->start > input->stop || input->start >= buffer.used) {
                  break;
                }
  
@@ -478,7 +478,7 @@ extern "C"{
        if (f_macro_test_for_allocation_errors(status)) return status;
      }
  
-    while (input->start <= input->stop) {
+    while (input->start <= input->stop && input->start < buffer.used) {
        if (buffer.string[input->start] != f_eol && buffer.string[input->start] != f_fss_delimit_placeholder) {
          content->string[content_position.stop] = buffer.string[input->start];
          content_position.stop++;
diff --git a/level_1/fl_fss/c/fss_extended.c b/level_1/fl_fss/c/fss_extended.c

index 75b2202496eea2a7a2d6411a236f5df151ea2284..903bc2992deb5ac5e6e976fbea7539af945cfce0 100644 (file)
--- a/level_1/fl_fss/c/fss_extended.c
+++ b/level_1/fl_fss/c/fss_extended.c
@@ -432,7 +432,7 @@ extern "C"{
      if (buffer.string[input->start] == f_fss_delimit_slash) {
        f_string_length delimit_slash_count = 0;
  
-      while (input->start <= input->stop) {
+      while (input->start <= input->stop && input->start < buffer.used) {
          if (buffer.string[input->start] == f_fss_delimit_placeholder) {
            input->start++;
            continue;
@@ -480,7 +480,7 @@ extern "C"{
        input->start++;
      }
  
-    while (input->start <= input->stop) {
+    while (input->start <= input->stop && input->start < buffer.used) {
        if (buffer.string[input->start] == f_fss_delimit_placeholder) {
          input->start++;
          continue;
@@ -489,11 +489,11 @@ extern "C"{
  
          input->start++;
  
-        while (input->start <= input->stop && isspace(buffer.string[input->start])) {
+        while (input->start <= input->stop && input->start < buffer.used && isspace(buffer.string[input->start])) {
            input->start++;
          } // while
  
-        if (input->start > input->stop) {
+        if (input->start > input->stop || input->start >= buffer.used) {
            object->string[first_space] = f_fss_extended_open;
            object->used = object_position.stop + 1;
            break;
@@ -506,7 +506,7 @@ extern "C"{
          object->string[object_position.stop] = f_fss_delimit_double_quote;
          object_position.stop++;
  
-        while (input->start <= input->stop) {
+        while (input->start <= input->stop && input->start < buffer.used) {
            if (buffer.string[input->start] == f_fss_delimit_placeholder) {
              input->start++;
              continue;
@@ -532,7 +532,7 @@ extern "C"{
  
                fl_macro_fss_skip_past_delimit_placeholders(buffer, (*input));
  
-              if (input->start > input->stop) {
+              if (input->start > input->stop || input->start >= buffer.used) {
                  break;
                }
author	Kevin Day <kevin@kevux.org>
	Tue, 20 Mar 2012 03:10:50 +0000 (22:10 -0500)
committer	Kevin Day <kevin@kevux.org>
	Tue, 20 Mar 2012 03:10:50 +0000 (22:10 -0500)
level_1/fl_fss/c/fss_basic.c		patch \| blob \| history
level_1/fl_fss/c/fss_extended.c		patch \| blob \| history