+added an assertion when buffer overflow in the STR statement.

2016-05-20 14:24:49 +08:00 · 2016-05-20 14:24:49 +08:00 · 270f679340
commit 270f679340
parent f83c12ca57
2 changed files with 12 additions and 4 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+May. 20 2016
+Added an assertion when buffer overflow in STR
+
 May. 19 2016
 Added UTF8 BOM detection even with MB_ENABLE_UNICODE disabled
 Fixed a bug in ASC with UTF8 character
--- a/core/my_basic.c
+++ b/core/my_basic.c
@ -15119,6 +15119,7 @@ static int _std_str(mb_interpreter_t* s, void** l) {
 	int result = MB_FUNC_OK;
 	mb_value_t arg;
 	char* chr = 0;
+	const size_t size = 32;

 	mb_assert(s && l);

@ -15130,15 +15131,19 @@ static int _std_str(mb_interpreter_t* s, void** l) {

 	mb_check(mb_attempt_close_bracket(s, l));

-	chr = (char*)mb_malloc(32);
-	memset(chr, 0, 32);
+	chr = (char*)mb_malloc(size);
+	memset(chr, 0, size);
 	switch(arg.type) {
 	case MB_DT_INT:
-		sprintf(chr, MB_INT_FMT, arg.value.integer);
+		if((size_t)sprintf(chr, MB_INT_FMT, arg.value.integer) >= size) {
+			mb_assert(0 && "Buffer overflow.");
+		}

 		break;
 	case MB_DT_REAL:
-		sprintf(chr, MB_REAL_FMT, arg.value.float_point);
+		if((size_t)sprintf(chr, MB_REAL_FMT, arg.value.float_point) >= size) {
+			mb_assert(0 && "Buffer overflow.");
+		}

 		break;
 	default: