From: Kevin Day Date: Sat, 18 Jul 2020 05:08:58 +0000 (-0500) Subject: Bugfix: invalid read after buffer. X-Git-Tag: 0.5.0~69 X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=47b73d34509ed983da7102fd81c5a8e19ac22301;p=fll Bugfix: invalid read after buffer. If arguments.used was not incremented, then the arguments.used represents the correct position. If it was incremented, then append that value. The following string triggered the behavior: print Return Code is \"parameter:"return"" --- diff --git a/level_3/fake/c/private-make.c b/level_3/fake/c/private-make.c index ef2d797..ef80713 100644 --- a/level_3/fake/c/private-make.c +++ b/level_3/fake/c/private-make.c @@ -646,7 +646,14 @@ extern "C" { range.start = iki_variable.array[iki_variable.used - 1].stop + 1; range.stop = content.array[i].stop; - *status = fl_string_dynamic_partial_append_nulless(data_make->buffer, range, &arguments->array[arguments->used]); + // if arguments.used was not incremented, then use the value, otherwise arguments.used is past the value to append to, so subtract 1. + if (used_arguments == arguments->used) { + *status = fl_string_dynamic_partial_append_nulless(data_make->buffer, range, &arguments->array[arguments->used]); + } + else { + *status = fl_string_dynamic_partial_append_nulless(data_make->buffer, range, &arguments->array[arguments->used - 1]); + } + if (F_status_is_error(*status)) { fake_print_error(data, F_status_set_fine(*status), "fl_string_dynamic_partial_append_nulless", F_true); break;
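Review bot: The first branch of the new `if (used_arguments == arguments->used)` still appends into `arguments->array[arguments->used]`, the slot one past the last used element, and nothing in the visible lines shows that this slot has been allocated. Since the commit fixes an invalid read after the buffer, add a capacity check or resize before this call, or a comment naming where the slot is reserved. The `else` branch treats any difference from `used_arguments` as an increment, so `arguments->used - 1` depends on `arguments->used` being greater than zero there. An explicit `arguments->used > used_arguments` condition would state that assumption. The two calls to `fl_string_dynamic_partial_append_nulless` differ only in the index, so selecting the index first and making one call would remove the duplication ahead of the `F_status_is_error(*status)` check. The triggering string quoted in the commit message would make a good regression test case.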