From: Kevin Day
Date: Mon, 28 Aug 2023 03:57:45 +0000 (-0500)
Subject: Security: Invalid allocation size for fll_execute_arguments_add_parameter_set().
X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=fc6851154398f71471a0b2d04c1e22f3db812353;p=fll
Security: Invalid allocation size for fll_execute_arguments_add_parameter_set().
The size should be size * 2 because of the parameter and value are added.
---
diff --git a/level_2/fll_execute/c/execute.c b/level_2/fll_execute/c/execute.c
index a9ea4b7..5fb1d71 100644
--- a/level_2/fll_execute/c/execute.c
+++ b/level_2/fll_execute/c/execute.c
@@ -47,14 +47,17 @@ extern "C" {
 if (!arguments) return F_status_set_error(F_parameter);
 #endif // _di_level_2_parameter_checking_
- f_status_t status = f_memory_array_increase_by(size, sizeof(f_string_dynamic_t), (void **) &arguments->array, &arguments->used, &arguments->size);
+ {
+ f_status_t status = f_memory_array_increase_by(size * 2, sizeof(f_string_dynamic_t), (void **) &arguments->array, &arguments->used, &arguments->size);
- for (f_number_unsigned_t i = 0; F_status_is_error_not(status) && i < size; ++i) {
+ for (f_number_unsigned_t i = 0; i < size; ++i) {
- status = private_fll_execute_arguments_add_parameter(prefix[i], name[i], value[i], arguments);
- } // for
+ status = private_fll_execute_arguments_add_parameter(prefix[i], name[i], value[i], arguments);
+ if (F_status_is_error(status)) return status;
+ } // for
+ }
- return status;
+ return F_okay;
 }
 #endif // _di_fll_execute_arguments_add_parameter_set_
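Review bot: The return value of `f_memory_array_increase_by(size * 2, ...)` is never examined on the new side: the old loop condition `F_status_is_error_not(status) && i < size` skipped the loop after a failed increase, whereas the new loop always runs and overwrites `status` on its first pass (and with `size == 0` the function now returns `F_okay` regardless). I would add `if (F_status_is_error(status)) return status;` directly after the call, here and after the `f_memory_array_increase_by(size, ...)` call in the second hunk, which has the same gap. The `size * 2` itself is unchecked; if `size` can be a caller-controlled count, the product can wrap and request fewer slots than the loop fills, so a guard rejecting `size` above half the maximum of `f_number_unsigned_t` before the multiplication looks warranted — whether the callee already detects this is not visible here. Both function bodies start above their hunks.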
@@ -64,14 +67,17 @@ extern "C" {
 if (!arguments) return F_status_set_error(F_parameter);
 #endif // _di_level_2_parameter_checking_
- f_status_t status = f_memory_array_increase_by(size, sizeof(f_string_dynamic_t), (void **) &arguments->array, &arguments->used, &arguments->size);
+ {
+ f_status_t status = f_memory_array_increase_by(size, sizeof(f_string_dynamic_t), (void **) &arguments->array, &arguments->used, &arguments->size);
- for (f_number_unsigned_t i = 0; F_status_is_error_not(status) && i < size; ++i) {
+ for (f_number_unsigned_t i = 0; i < size; ++i) {
- status = private_fll_execute_arguments_add(source[i], arguments);
- } // for
+ status = private_fll_execute_arguments_add(source[i], arguments);
+ if (F_status_is_error(status)) return status;
+ } // for
+ }
- return status;
+ return F_okay;
 }
 #endif // _di_fll_execute_arguments_add_set_