From c6b16ea51a14b801079f51c102ba68ffa8c4517a Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Tue, 15 Feb 2022 18:53:25 -0600
Subject: [PATCH] Bugfix: Invalid read because NULL is added to list but then f_string_dynamic_append_nulless() is used.

The NULL doesn't matter if the function being called specifically ignores it. This mistake causes invalid memory reads.
---
 level_3/fake/c/private-make-load_fakefile.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/level_3/fake/c/private-make-load_fakefile.c b/level_3/fake/c/private-make-load_fakefile.c
index 22b1892..a775669 100644
--- a/level_3/fake/c/private-make-load_fakefile.c
+++ b/level_3/fake/c/private-make-load_fakefile.c
@@ -534,8 +534,15 @@ extern "C" {
 break;
 }

- // Include the terminating NULL when copying.
- ++name_define.used;
+ data_make->setting_build.environment.array[data_make->setting_build.environment.used].used = 0;
+
+ status = f_string_dynamic_increase_by(name_define.used + 1, &data_make->setting_build.environment.array[data_make->setting_build.environment.used]);
+
+ if (F_status_is_error(status)) {
+ fll_error_print(data_make->main->error, F_status_set_fine(status), "f_string_dynamic_increase_by", F_true);
+
+ break;
+ }

 status = f_string_dynamic_append_nulless(name_define, &data_make->setting_build.environment.array[data_make->setting_build.environment.used]);

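Review bot: The `name_define.used + 1` passed to `f_string_dynamic_increase_by()` has no comment now that `// Include the terminating NULL when copying.` is removed, so the reason for the extra byte can only be inferred from the `f_string_dynamic_terminate_after()` call in the later hunk; a line such as `// Reserve room for the name plus a terminating NULL that is not counted in used.` above the call would keep that intent. The new first line also writes `.used = 0` into `environment.array[environment.used]`, which is in bounds only if the array was grown before this point; that growth is not visible in the hunk, so it should be confirmed in the enclosing block, which starts and ends outside the hunk. Since the commit fixes an invalid read, running this load path under a memory checker would confirm that no read past `name_define.used` remains.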
@@ -545,8 +552,15 @@ extern "C" {
 break;
 }

- // Set the terminating NULL to not being normally included.
- --data_make->setting_build.environment.array[data_make->setting_build.environment.used++].used;
+ status = f_string_dynamic_terminate_after(&data_make->setting_build.environment.array[data_make->setting_build.environment.used]);
+
+ if (F_status_is_error(status)) {
+ fll_error_print(data_make->main->error, F_status_set_fine(status), "f_string_dynamic_terminate_after", F_true);
+
+ break;
+ }
+
+ ++data_make->setting_build.environment.used;
 }
 else if (data_make->main->warning.verbosity == f_console_verbosity_verbose_e) {
 flockfile(data_make->main->warning.to.stream);
-- 
1.8.3.1
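Review bot: The termination step drops the removed `// Set the terminating NULL to not being normally included.` comment without a replacement, so the invariant that each environment name ends with a NULL outside its `used` count is no longer written down; `// Guarantee a NULL after the name without counting it in used.` above `f_string_dynamic_terminate_after()` would restore it, assuming the function behaves as its name and the removed comment suggest. Because `++data_make->setting_build.environment.used;` now comes after the error check, a failed termination leaves an appended but unterminated name in the slot past `environment.used`. That is safe only while every reader bounds itself by `environment.used`. Whether `status` is propagated after the `break` cannot be seen here, because the enclosing loop continues outside the hunk.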