Hi Team,
In function simplestring_addn:
void simplestring_addn(simplestring* target, const char* source, int add_len) {
    ...
    ...
        if(target->str) {
            if(add_len) {
                memcpy(target->str + target->len, source, add_len);
            }
            target->len += add_len;
            target->str[target->len] = 0; /* null terminate */ // (1) crash here
        }
    }
}
target->len is declared as int, so it could have a negative value (when the string length is larger than 2GB); then a sign extension operation could cause target->len to have a very big value and crash on the access to target->str[target->len].
Please issue a fix. Thanks.
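The following is an added example, not xmlrpc-epi's own code and not part of the report above. It shows the check the posted function lacks (detecting when len + add_len would exceed INT_MAX before the addition is performed, so it is never evaluated as signed arithmetic that can wrap negative) next to a hardened append that keeps its lengths in size_t, rejects negative add_len, and refuses rather than indexes with a wrapped length. The struct name safe_simplestring and the helper names are assumptions for this illustration; the growth policy is also my own, not the library's.

```c
/* Added example, not xmlrpc-epi code. Struct and function names are assumed. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* The check missing from the reported function: would len + add_len overflow
 * an int?  Both arguments are assumed non-negative, so INT_MAX - len cannot
 * itself underflow and no signed overflow happens while checking. */
bool int_add_would_overflow(int len, int add_len) {
    return add_len > INT_MAX - len;
}

typedef struct {
    char   *str;
    size_t  len;   /* bytes in use, excluding the terminating NUL */
    size_t  size;  /* bytes allocated */
} safe_simplestring;

/* True when len + add_len + 1 (room for the NUL) does not fit in size_t.
 * Written as subtractions so the check itself cannot wrap. */
bool safe_simplestring_would_overflow(size_t len, size_t add_len) {
    return len > SIZE_MAX - 1 || add_len > SIZE_MAX - 1 - len;
}

void safe_simplestring_init(safe_simplestring *s) {
    s->str = NULL;
    s->len = 0;
    s->size = 0;
}

void safe_simplestring_free(safe_simplestring *s) {
    free(s->str);
    safe_simplestring_init(s);
}

/* Hardened append.  Returns 0 on success and -1 on a negative length,
 * arithmetic overflow, or allocation failure; on failure the target is
 * left exactly as it was, so no write ever uses a wrapped-around index. */
int safe_simplestring_addn(safe_simplestring *target, const char *source, int add_len) {
    if (!target || !source || add_len < 0) {
        return -1;
    }
    size_t n = (size_t)add_len;
    if (safe_simplestring_would_overflow(target->len, n)) {
        return -1;
    }
    size_t needed = target->len + n + 1;
    if (needed > target->size) {
        /* Grow geometrically, but never let the doubling itself wrap. */
        size_t newsize = target->size ? target->size : 32;
        while (newsize < needed) {
            if (newsize > SIZE_MAX / 2) {
                newsize = needed;
                break;
            }
            newsize *= 2;
        }
        char *p = realloc(target->str, newsize);
        if (!p) {
            return -1;
        }
        target->str  = p;
        target->size = newsize;
    }
    if (n) {
        memcpy(target->str + target->len, source, n);
    }
    target->len += n;
    target->str[target->len] = '\0'; /* index is now guaranteed < size */
    return 0;
}

int main(void) {
    safe_simplestring s;
    safe_simplestring_init(&s);
    safe_simplestring_addn(&s, "hello", 5);
    safe_simplestring_addn(&s, ", world", 7);
    safe_simplestring_free(&s);
    return 0;
}
```

The negative-length rejection matters as much as the overflow check: with add_len declared int, a negative value passed straight to memcpy is converted to a huge size_t, which is the same class of failure as the wrapped target->len in the report.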