diff options
Diffstat (limited to 'goo/GString.cc')
| -rw-r--r-- | goo/GString.cc | 68 |
1 files changed, 56 insertions, 12 deletions
diff --git a/goo/GString.cc b/goo/GString.cc index ea0b3ca..adf7739 100644 --- a/goo/GString.cc +++ b/goo/GString.cc @@ -19,6 +19,7 @@ #include <string.h> #include <ctype.h> #include <math.h> +#include <limits.h> #include "gmem.h" #include "GString.h" @@ -100,6 +101,9 @@ static const char *formatStrings[] = { static inline int size(int len) { int delta; for (delta = 8; delta < len && delta < 0x100000; delta <<= 1) ; + if (len > INT_MAX - delta) { + gMemError("Integer overflow in GString::size()"); + } // this is ((len + 1) + (delta - 1)) & ~(delta - 1) return (len + delta) & ~(delta - 1); } @@ -107,6 +111,9 @@ static inline int size(int len) { inline void GString::resize(int length1) { char *s1; + if (length1 < 0) { + gMemError("GString::resize() with negative length"); + } if (!s) { s = new char[size(length1)]; } else if (size(length1) != size(length)) { @@ -161,6 +168,9 @@ GString::GString(GString *str1, GString *str2) { int n2 = str2->getLength(); s = NULL; + if (n1 > INT_MAX - n2) { + gMemError("Integer overflow in GString::GString()"); + } resize(length = n1 + n2); memcpy(s, str1->getCString(), n1); memcpy(s + n1, str2->getCString(), n2 + 1); @@ -168,7 +178,7 @@ GString::GString(GString *str1, GString *str2) { GString *GString::fromInt(int x) { char buf[24]; // enough space for 64-bit ints plus a little extra - char *p; + const char *p; int len; formatInt(x, buf, sizeof(buf), gFalse, 0, 10, &p, &len); @@ -205,6 +215,9 @@ GString *GString::clear() { } GString *GString::append(char c) { + if (length > INT_MAX - 1) { + gMemError("Integer overflow in GString::append()"); + } resize(length + 1); s[length++] = c; s[length] = '\0'; @@ -214,6 +227,9 @@ GString *GString::append(char c) { GString *GString::append(GString *str) { int n = str->getLength(); + if (length > INT_MAX - n) { + gMemError("Integer overflow in GString::append()"); + } resize(length + n); memcpy(s + length, str->getCString(), n + 1); length += n; @@ -223,6 +239,9 @@ GString *GString::append(GString *str) { GString *GString::append(const char *str) { int n = (int)strlen(str); + if (length > INT_MAX - n) { + gMemError("Integer overflow in GString::append()"); + } resize(length + n); memcpy(s + length, str, n + 1); length += n; @@ -230,6 +249,9 @@ GString *GString::append(const char *str) { } GString *GString::append(const char *str, int lengthA) { + if (lengthA < 0 || length > INT_MAX - lengthA) { + gMemError("Integer overflow in GString::append()"); + } resize(length + lengthA); memcpy(s + length, str, lengthA); length += lengthA; @@ -256,7 +278,7 @@ GString *GString::appendfv(const char *fmt, va_list argList) { char buf[65]; int len, i; const char *p0, *p1; - char *str; + const char *str; argsLen = 0; argsSize = 8; @@ -491,13 +513,23 @@ GString *GString::appendfv(const char *fmt, va_list argList) { reverseAlign = !reverseAlign; break; case fmtString: - str = arg.s; - len = (int)strlen(str); + if (arg.s) { + str = arg.s; + len = (int)strlen(str); + } else { + str = "(null)"; + len = 6; + } reverseAlign = !reverseAlign; break; case fmtGString: - str = arg.gs->getCString(); - len = arg.gs->getLength(); + if (arg.gs) { + str = arg.gs->getCString(); + len = arg.gs->getLength(); + } else { + str = "(null)"; + len = 6; + } reverseAlign = !reverseAlign; break; case fmtSpace: @@ -542,11 +574,11 @@ GString *GString::appendfv(const char *fmt, va_list argList) { #ifdef LLONG_MAX void GString::formatInt(long long x, char *buf, int bufSize, GBool zeroFill, int width, int base, - char **p, int *len) { + const char **p, int *len) { #else void GString::formatInt(long x, char *buf, int bufSize, GBool zeroFill, int width, int base, - char **p, int *len) { + const char **p, int *len) { #endif static char vals[17] = "0123456789abcdef"; GBool neg; @@ -580,11 +612,11 @@ void GString::formatInt(long x, char *buf, int bufSize, #ifdef ULLONG_MAX void GString::formatUInt(unsigned long long x, char *buf, int bufSize, GBool zeroFill, int width, int base, - char **p, int *len) { + const char **p, int *len) { #else void GString::formatUInt(Gulong x, char *buf, int bufSize, GBool zeroFill, int width, int base, - char **p, int *len) { + const char **p, int *len) { #endif static char vals[17] = "0123456789abcdef"; int i, j; @@ -608,7 +640,7 @@ void GString::formatUInt(Gulong x, char *buf, int bufSize, } void GString::formatDouble(double x, char *buf, int bufSize, int prec, - GBool trim, char **p, int *len) { + GBool trim, const char **p, int *len) { GBool neg, started; double x2; int d, i, j; @@ -649,6 +681,9 @@ void GString::formatDouble(double x, char *buf, int bufSize, int prec, GString *GString::insert(int i, char c) { int j; + if (length > INT_MAX - 1) { + gMemError("Integer overflow in GString::insert()"); + } resize(length + 1); for (j = length + 1; j > i; --j) s[j] = s[j-1]; @@ -661,6 +696,9 @@ GString *GString::insert(int i, GString *str) { int n = str->getLength(); int j; + if (length > INT_MAX - n) { + gMemError("Integer overflow in GString::insert()"); + } resize(length + n); for (j = length; j >= i; --j) s[j+n] = s[j]; @@ -673,6 +711,9 @@ GString *GString::insert(int i, const char *str) { int n = (int)strlen(str); int j; + if (length > INT_MAX - n) { + gMemError("Integer overflow in GString::insert()"); + } resize(length + n); for (j = length; j >= i; --j) s[j+n] = s[j]; @@ -684,6 +725,9 @@ GString *GString::insert(int i, const char *str) { GString *GString::insert(int i, const char *str, int lengthA) { int j; + if (lengthA < 0 || length > INT_MAX - lengthA) { + gMemError("Integer overflow in GString::insert()"); + } resize(length + lengthA); for (j = length; j >= i; --j) s[j+lengthA] = s[j]; @@ -695,7 +739,7 @@ GString *GString::insert(int i, const char *str, int lengthA) { GString *GString::del(int i, int n) { int j; - if (i >= 0 && n > 0 && i + n > 0) { + if (i >= 0 && n > 0 && i <= INT_MAX - n) { if (i + n > length) { n = length - i; } |