[tdbf-cvs] SF.net SVN: tdbf:[866] trunk/src/dbf_prscore.pas

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 866
          http://sourceforge.net/p/tdbf/code/866
Author:   twm
Date:     2026-03-07 18:17:23 +0000 (Sat, 07 Mar 2026)
Log Message:
-----------
Fix FuncSubString buffer overread on out-of-range arguments

Clamp index and count to valid ranges to match dBASE semantics:
- Negative/zero position: clamp index to 0 (start of string)
- Position beyond string length: return empty string
- Negative count: clamp to 0
Without these guards, negative index causes pointer arithmetic before
the buffer start, and negative count causes undefined behavior in Move.

Modified Paths:
--------------
    trunk/src/dbf_prscore.pas

Modified: trunk/src/dbf_prscore.pas
===================================================================

--- trunk/src/dbf_prscore.pas	2026-03-07 17:15:35 UTC (rev 865)
+++ trunk/src/dbf_prscore.pas	2026-03-07 18:17:23 UTC (rev 866)
@@ -1645,9 +1645,18 @@
 begin
   srcLen := dbfStrLen(Param^.Args[0]);
   index := PInteger(Param^.Args[1])^ - 1;
+  if index < 0 then
+    index := 0;
+  if index >= srcLen then
+  begin
+    Param^.Res.Append(Param^.Args[0], 0);
+    exit;
+  end;
   if Param^.Args[2] <> nil then
   begin
     count := PInteger(Param^.Args[2])^;
+    if count < 0 then
+      count := 0;
     if index + count > srcLen then
       count := srcLen - index;
   end else

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



