[EGIT] [core/efl] master 01/01: eina_strbuf: resolve segfault when replace used with read_only buffer

Mon, 22 Jun 2020 00:59:23 -0700 

woohyun pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=1bbd03b7683dc6f163fff94130d017367178d0f1

commit 1bbd03b7683dc6f163fff94130d017367178d0f1
Author: Ali Alzyod <ali198...@gmail.com>
Date:   Mon Jun 22 16:54:51 2020 +0900

    eina_strbuf: resolve segfault when replace used with read_only buffer
    
    Summary: when eina_strbuf_replace is used by read_only buffer, this will 
cause segfault (access invalid memory)
    
    Reviewers: cedric
    
    Reviewed By: cedric
    
    Subscribers: cedric, #reviewers, #committers
    
    Tags: #efl
    
    Maniphest Tasks: T8757
    
    Differential Revision: https://phab.enlightenment.org/D11989
---
 src/lib/eina/eina_strbuf_common.c |  7 ++++---
 src/tests/eina/eina_test_strbuf.c | 10 ++++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/lib/eina/eina_strbuf_common.c 
b/src/lib/eina/eina_strbuf_common.c
index e08d4b79fe..ebec119c2a 100644
--- a/src/lib/eina/eina_strbuf_common.c
+++ b/src/lib/eina/eina_strbuf_common.c
@@ -945,6 +945,10 @@ eina_strbuf_replace(Eina_Strbuf *buf,
         if (n) spos++;
      }
 
+   pos = spos - (const char *)buf->buf;
+   len1 = strlen(str);
+   len2 = strlen(with);
+
    /* This is a read only buffer which need change to be made */
    if (buf->ro)
      {
@@ -956,9 +960,6 @@ eina_strbuf_replace(Eina_Strbuf *buf,
         buf->buf = dest;
      }
 
-   pos = spos - (const char *)buf->buf;
-   len1 = strlen(str);
-   len2 = strlen(with);
    if (len1 != len2)
      {
         /* resize the buffer if necessary */
diff --git a/src/tests/eina/eina_test_strbuf.c 
b/src/tests/eina/eina_test_strbuf.c
index add3ce0963..1d9f52c0d2 100644
--- a/src/tests/eina/eina_test_strbuf.c
+++ b/src/tests/eina/eina_test_strbuf.c
@@ -303,6 +303,16 @@ EFL_START_TEST(eina_test_strbuf_replace)
    fail_if(strlen(eina_strbuf_string_get(buf)) != eina_strbuf_length_get(buf));
    fail_if(strcmp(eina_strbuf_string_get(buf), "baaaab"));
 
+   fail_if(eina_strbuf_replace_first(buf, "a", "b") == 0);
+   fail_if(strcmp(eina_strbuf_string_get(buf), "bbaaab"));
+
+   eina_strbuf_free(buf);
+
+   buf = eina_strbuf_manage_read_only_new_length("baaaab",6);
+   fail_if(!buf);
+   fail_if(eina_strbuf_replace_first(buf, "a", "b") == 0);
+   fail_if(strcmp(eina_strbuf_string_get(buf), "bbaaab"));
+
    eina_strbuf_free(buf);
 }
 EFL_END_TEST

--

Reply via email to