From 47b73d34509ed983da7102fd81c5a8e19ac22301 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Sat, 18 Jul 2020 00:08:58 -0500
Subject: [PATCH] Bugfix: invalid read after buffer. If arguments.used was not incremented, then the arguments.used represents the correct position. If it was incremented, then append that value. The following string triggered the behavior: print Return Code is \"parameter:"return""
---
 level_3/fake/c/private-make.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/level_3/fake/c/private-make.c b/level_3/fake/c/private-make.c
index ef2d797..ef80713 100644
--- a/level_3/fake/c/private-make.c
+++ b/level_3/fake/c/private-make.c
@@ -646,7 +646,14 @@ extern "C" {
 range.start = iki_variable.array[iki_variable.used - 1].stop + 1;
 range.stop = content.array[i].stop;
- *status = fl_string_dynamic_partial_append_nulless(data_make->buffer, range, &arguments->array[arguments->used]);
+ // if arguments.used was not incremented, then use the value, otherwise arguments.used is past the value to append to, so subtract 1.
+ if (used_arguments == arguments->used) {
+ *status = fl_string_dynamic_partial_append_nulless(data_make->buffer, range, &arguments->array[arguments->used]);
+ }
+ else {
+ *status = fl_string_dynamic_partial_append_nulless(data_make->buffer, range, &arguments->array[arguments->used - 1]);
+ }
+
 if (F_status_is_error(*status)) {
 fake_print_error(data, F_status_set_fine(*status), "fl_string_dynamic_partial_append_nulless", F_true);
 break;
--
1.8.3.1
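Review bot: The first branch still indexes `&arguments->array[arguments->used]`, and nothing in this hunk shows that this slot lies inside the allocated size of `arguments`, so the out-of-bounds access this commit targets may remain when no argument was added on this pass. A capacity check or resize before that append would close it. The `else` branch also treats any difference from `used_arguments` as an increment; testing `arguments->used > used_arguments` instead would keep `arguments->used - 1` from wrapping if the count is ever zero or has been reduced. `used_arguments` is assigned outside the hunk and the enclosing function starts and ends outside it, so both points need confirming against the surrounding code.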