From 48e482181083ca949aacc3ff285d8ab7c25d5b51 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Tue, 15 Feb 2022 20:55:04 -0600 Subject: [PATCH] Regression: Invalid read in f_directory_create(). Now that this uses f_string_static_t, the string is not necessarily NULL terminated. This new behavior resulted in an invalid read. Redesign to use a range check instead of a NULL check and to include a NULL terminating space in the built string. --- level_1/fl_directory/c/directory.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/level_1/fl_directory/c/directory.c b/level_1/fl_directory/c/directory.c index b7ab091..2642095 100644 --- a/level_1/fl_directory/c/directory.c +++ b/level_1/fl_directory/c/directory.c @@ -27,15 +27,16 @@ extern "C" { f_array_length_t at_path = 0; f_string_static_t tree = f_string_static_t_initialize; - char tree_string[path.used]; + char tree_string[path.used + 1]; tree.string = tree_string; tree.used = path.used; + tree_string[path.used] = 0; - for (; path.string[at_path]; ++at_path) { + for (; at_path < path.used; ++at_path) { if (at_path && path.string[at_path] == f_path_separator_s.string[0]) { memcpy(tree.string, path.string + at_tree, at_path - at_tree); - tree.string[at_path] = 0; + tree.string[at_path - at_tree] = 0; status = f_directory_exists(tree); if (F_status_is_error(status)) return status; -- 1.8.3.1