From 05622443bd87db21513b22124c965ff9d95fea4c Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Wed, 3 Jun 2020 00:01:16 -0500
Subject: [PATCH] Bugfix: memory leak in f_execute_*_environment() functions, handle no-slash case, fix memcpy()

I failed to clear memory on some return on error cases. Using "sizeof(f_string_length) *" in memcpy is nonsense here, its a char, which is size 1! When there is no '/' in the path, strrchr() return 0. In this situation, just consider the entire path the file name.
---
 level_2/fll_execute/c/execute.c | 63 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 59 insertions(+), 4 deletions(-)

diff --git a/level_2/fll_execute/c/execute.c b/level_2/fll_execute/c/execute.c
index bf7aecf..e2579d3 100644
--- a/level_2/fll_execute/c/execute.c
+++ b/level_2/fll_execute/c/execute.c
@@ -206,7 +206,22 @@ extern "C" {
 last_slash = strrchr(program_path, '/');
- if (last_slash != 0) {
+ if (last_slash == 0) {
+ name_size = strnlen(program_path, f_path_max);
+
+ if (name_size > 1) {
+ f_macro_string_new(status, program_name, name_size + 1);
+
+ if (F_status_is_error(status)) return status;
+
+ memcpy(program_name, program_path, name_size);
+ memset(program_name, name_size, 0);
+ }
+ else {
+ name_size = 0;
+ }
+ }
+ else {
 name_size = strnlen(last_slash, f_path_max);
 if (name_size > 1) {
@@ -214,7 +229,7 @@ extern "C" {
 if (F_status_is_error(status)) return status;
- memcpy(program_name, last_slash + 1, sizeof(f_string_length) * name_size);
+ memcpy(program_name, last_slash + 1, name_size);
 memset(program_name, name_size, 0);
 }
 else {
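Review bot: The new no-slash branch in the `@@ -206` hunk ends with `memset(program_name, name_size, 0);`, which passes the fill value and the byte count in swapped positions, so it writes zero bytes and never terminates the copied name. The `memcpy()` before it copies exactly `name_size` bytes with no terminator, so unless `f_macro_string_new()` zero-fills the allocation (not visible here) `program_name` can be left unterminated if it is later read as a string. Writing the terminator directly, `program_name[name_size] = 0;`, fits the `name_size + 1` requested from `f_macro_string_new()`. The same line is added in the `@@ -318` hunk and sits as context in the `@@ -214` and `@@ -326` hunks. The enclosing function starts and ends outside the hunk.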
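Review bot: The corrected `memcpy(program_name, last_slash + 1, name_size);` in the `@@ -214` hunk still copies one byte more than the name, because `name_size` comes from `strnlen(last_slash, f_path_max)` and so counts the '/' that the source pointer skips. That extra byte is the terminator only when the remaining path is shorter than `f_path_max`; at the cap it is a read one byte past the bound that `strnlen()` enforced. Copying `name_size - 1` bytes and setting `program_name[name_size - 1] = 0;` would make both the length and the terminator explicit. The allocation for this branch lies between the hunks, so its size should be confirmed against the copy; the `@@ -326` hunk has the same line.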
@@ -251,9 +266,21 @@ extern "C" {
 status = f_file_exists(program_path);
 if (F_status_is_error(status)) {
+ if (name_size > 0) f_macro_string_delete_simple(program_name, name_size);
+
+ for (f_string_length i = 0; i < arguments.used; i++) {
+ f_macro_string_delete_simple(fixed_arguments[i + 1], arguments.array[i].used + 1);
+ } // for
+
 return status;
 }
 else if (status == F_false) {
+ if (name_size > 0) f_macro_string_delete_simple(program_name, name_size);
+
+ for (f_string_length i = 0; i < arguments.used; i++) {
+ f_macro_string_delete_simple(fixed_arguments[i + 1], arguments.array[i].used + 1);
+ } // for
+
 return F_status_set_error(F_file_found_not);
 }
@@ -318,7 +345,22 @@ extern "C" {
 last_slash = strrchr(program_path, '/');
- if (last_slash != 0) {
+ if (last_slash == 0) {
+ name_size = strnlen(program_path, f_path_max);
+
+ if (name_size > 1) {
+ f_macro_string_new(status, program_name, name_size + 1);
+
+ if (F_status_is_error(status)) return status;
+
+ memcpy(program_name, program_path, name_size);
+ memset(program_name, name_size, 0);
+ }
+ else {
+ name_size = 0;
+ }
+ }
+ else {
 name_size = strnlen(last_slash, f_path_max);
 if (name_size > 1) {
@@ -326,7 +368,7 @@ extern "C" {
 if (F_status_is_error(status)) return status;
- memcpy(program_name, last_slash + 1, sizeof(f_string_length) * name_size);
+ memcpy(program_name, last_slash + 1, name_size);
 memset(program_name, name_size, 0);
 }
 else {
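Review bot: The added cleanup in the `@@ -251` hunk calls `f_macro_string_delete_simple(program_name, name_size);`, but the no-slash branch added in the `@@ -206` hunk requests `name_size + 1`, while the argument loop right below passes `arguments.array[i].used + 1`. If the macro uses its length argument to clear or account for the buffer (its definition is not visible here), the last byte of `program_name` is missed; passing `name_size + 1` would match the allocation. This applies to both return paths in this hunk and to the two in the `@@ -362` hunk. The loop also assumes every `fixed_arguments[i + 1]` was allocated before `f_file_exists()` is reached, which the hunk does not show.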
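Review bot: In the no-slash branch of the `@@ -318` hunk the test `if (name_size > 1)` drops a one-character program name: with no '/', `name_size` is the full length of `program_path`, so a path such as `a` falls into the `else` and `name_size` is reset to 0. The threshold appears to be carried over from the slash branch, where the length includes the '/' itself. `if (name_size > 0) {` is the check this branch needs. The `@@ -206` hunk adds the same branch.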
@@ -362,10 +404,23 @@ extern "C" {
 fixed_arguments[arguments.used + 2] = 0;
 status = f_file_exists(program_path);
+
 if (F_status_is_error(status)) {
+ if (name_size > 0) f_macro_string_delete_simple(program_name, name_size);
+
+ for (f_string_length i = 0; i < arguments.used; i++) {
+ f_macro_string_delete_simple(fixed_arguments[i + 1], arguments.array[i].used + 1);
+ } // for
+
 return status;
 }
 else if (status == F_false) {
+ if (name_size > 0) f_macro_string_delete_simple(program_name, name_size);
+
+ for (f_string_length i = 0; i < arguments.used; i++) {
+ f_macro_string_delete_simple(fixed_arguments[i + 1], arguments.array[i].used + 1);
+ } // for
+
 return F_status_set_error(F_file_found_not);
 }
--
1.8.3.1
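Review bot: This hunk adds the same cleanup block twice, and the `@@ -251` hunk adds it twice more, so four copies have to stay in step whenever an allocation is added or a size changes. The two branches differ only in the status they return, so they can share one block: open it with `if (F_status_is_error(status) || status == F_false) {`, start it with `if (status == F_false) status = F_status_set_error(F_file_found_not);`, and end it with a single `return status;`. This assumes `F_false` is never an error status, which the original `if`/`else if` order suggests but the page does not show.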