Changeset 2fa0237 for libcfa

Timestamp:

Sep 8, 2023, 12:46:55 AM (8 months ago)

Author:

Michael Brooks <mlbrooks@…>

Branches:

master

Children:

553f032f

Parents:

3ee8853

Message:

Fix cstring input length interpretation issue that had a buffer overflow case.

The cases added to the manipulatorsInput test are runnable against an old libcfa build. In this setup, the test fails with an illustration of the bug.

The testing in this commit drives the following inputs through a length-8 buffer.

• 123456
• 123456789

The obviously-missing cases, like 1234567, will be added later.
They will accompany fixes for further bugs not solved yet.

File:

• libcfa/src/iostream.cfa (modified) (3 diffs)

libcfa/src/iostream.cfa

@@ +1 @@
+
 //
 // Cforall Version 1.0.0 Copyright (C) 2015 University of Waterloo
@@ -976 +977 @@
                 if ( f.flags.ignore ) { fmtstr[1] = '*'; start += 1; }
                 // no maximum width necessary because text ignored => width is read width
-                if ( f.wd != -1 ) { start += sprintf( &fmtstr[start], "%d", f.wd ); }
+                if ( f.wd != -1 ) {
+                        // wd is buffer bytes available (for input chars + null terminator)
+                        // rwd is count of input chars
+                        int rwd = f.flags.rwd ? f.wd : (f.wd - 1);
+                        start += sprintf( &fmtstr[start], "%d", rwd );
+                }
 
                 if ( ! scanset ) {
@@ -993 +999 @@
                 } // if
 
-                int check = f.wd - 1;
+                int check = f.wd - 2;
                 if ( ! f.flags.rwd ) f.s[check] = '\0';                 // insert sentinel
                 len = fmt( is, fmtstr, f.s );