thanks, patches applied to master.

regards,

On Sat, May 25, 2013 at 9:33 AM, Zeying Xie <[email protected]> wrote:
> Hi,
> Here are patches for fixing some Monkey string problems:
>
> [1/2] String: validate length of substring first to avoid extra memory
> allocation and release
> In the current source code, `mk_string_copy_substr` allocates memory for
> the substring and then it determines whether `pos_init` is larger than
> `pos_end`. If so, it releases the previously allocated memory. This is
> unnecessary if we compare `pos_init` and `pos_end` first.
> What's more, the length of the substring is given by
> `unsigned int size; size = (unsigned int) (pos_end - pos_init) + 1;`,
> `pos_init` and `pos_end` are both defined as `int`. Someone can take
> advantage of this by passing an invalid argument on purpose, because
> converting a negative number to an unsigned one will result in a big
> number. Doing the compare first also solves this problem.
>
> [2/2] Config: fix substring length for copy
> When copying the value substring from a configuration line, the end
> position should be `len - indent_len - i`, because we are counting from
> `buf + indent_len + i`. This may lead to a segment fault if `i` is large
> enough.
>
> Best Regards,
> swpd
>

-- 
Eduardo Silva
http://edsiper.linuxchile.cl
http://www.monkey-project.com
_______________________________________________
Monkey mailing list
[email protected]
http://lists.monkey-project.com/listinfo/monkey
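
The ordering problem described in [1/2] above, as an added C example that is not part of the original message and is not Monkey's code. `substr_size_unchecked` and `copy_substr_checked` are hypothetical names, the substring is assumed to be `s[pos_init .. pos_end-1]` of a NUL-terminated string, and the check against the source length goes beyond what the message describes.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The size expression quoted in the message, evaluated with no prior
 * validation. A negative difference wraps to a huge unsigned value. */
unsigned int substr_size_unchecked(int pos_init, int pos_end)
{
    unsigned int size;
    size = (unsigned int) (pos_end - pos_init) + 1;
    return size;
}

/* Hypothetical hardened copy: validate first, allocate second.
 * Returns a NUL-terminated copy of s[pos_init .. pos_end-1], or NULL. */
char *copy_substr_checked(const char *s, int pos_init, int pos_end)
{
    size_t len, n;
    char *buf;

    if (s == NULL || pos_init < 0 || pos_init > pos_end)
        return NULL;              /* rejected before any allocation */
    len = strlen(s);
    if ((size_t) pos_end > len)
        return NULL;              /* range would read past the source */
    n = (size_t) pos_end - (size_t) pos_init;
    buf = malloc(n + 1);          /* +1 for the terminator */
    if (buf == NULL)
        return NULL;
    memcpy(buf, s + pos_init, n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    const char *line = "key value";   /* constructed sample input */
    char *v = copy_substr_checked(line, 4, 9);

    printf("unchecked size for (10, 2): %u\n", substr_size_unchecked(10, 2));
    printf("checked copy (4, 9): %s\n", v ? v : "(null)");
    printf("checked copy (10, 2): %s\n",
           copy_substr_checked(line, 10, 2) ? "copied" : "(null)");
    free(v);
    return 0;
}
```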
