summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAli Alzyod <ali198724@gmail.com>2020-06-22 16:54:51 +0900
committerWooHyun Jung <wh0705.jung@samsung.com>2020-06-22 16:54:51 +0900
commit1bbd03b7683dc6f163fff94130d017367178d0f1 (patch)
treec0b64db7608e6e9b92024b282a3fbba800c42f85
parente3e3d0cfe4d753782d0adc81a68e5cd7ca27c5b9 (diff)
eina_strbuf: resolve segfault when replace used with read_only buffer
Summary: when eina_strbuf_replace is used by read_only buffer, this will cause segfault (access invalid memory) Reviewers: cedric Reviewed By: cedric Subscribers: cedric, #reviewers, #committers Tags: #efl Maniphest Tasks: T8757 Differential Revision: https://phab.enlightenment.org/D11989
-rw-r--r--src/lib/eina/eina_strbuf_common.c7
-rw-r--r--src/tests/eina/eina_test_strbuf.c10
2 files changed, 14 insertions, 3 deletions
diff --git a/src/lib/eina/eina_strbuf_common.c b/src/lib/eina/eina_strbuf_common.c
index e08d4b79fe..ebec119c2a 100644
--- a/src/lib/eina/eina_strbuf_common.c
+++ b/src/lib/eina/eina_strbuf_common.c
@@ -945,6 +945,10 @@ eina_strbuf_replace(Eina_Strbuf *buf,
945 if (n) spos++; 945 if (n) spos++;
946 } 946 }
947 947
948 pos = spos - (const char *)buf->buf;
949 len1 = strlen(str);
950 len2 = strlen(with);
951
948 /* This is a read only buffer which need change to be made */ 952 /* This is a read only buffer which need change to be made */
949 if (buf->ro) 953 if (buf->ro)
950 { 954 {
@@ -956,9 +960,6 @@ eina_strbuf_replace(Eina_Strbuf *buf,
956 buf->buf = dest; 960 buf->buf = dest;
957 } 961 }
958 962
959 pos = spos - (const char *)buf->buf;
960 len1 = strlen(str);
961 len2 = strlen(with);
962 if (len1 != len2) 963 if (len1 != len2)
963 { 964 {
964 /* resize the buffer if necessary */ 965 /* resize the buffer if necessary */
diff --git a/src/tests/eina/eina_test_strbuf.c b/src/tests/eina/eina_test_strbuf.c
index add3ce0963..1d9f52c0d2 100644
--- a/src/tests/eina/eina_test_strbuf.c
+++ b/src/tests/eina/eina_test_strbuf.c
@@ -303,6 +303,16 @@ EFL_START_TEST(eina_test_strbuf_replace)
303 fail_if(strlen(eina_strbuf_string_get(buf)) != eina_strbuf_length_get(buf)); 303 fail_if(strlen(eina_strbuf_string_get(buf)) != eina_strbuf_length_get(buf));
304 fail_if(strcmp(eina_strbuf_string_get(buf), "baaaab")); 304 fail_if(strcmp(eina_strbuf_string_get(buf), "baaaab"));
305 305
306 fail_if(eina_strbuf_replace_first(buf, "a", "b") == 0);
307 fail_if(strcmp(eina_strbuf_string_get(buf), "bbaaab"));
308
309 eina_strbuf_free(buf);
310
311 buf = eina_strbuf_manage_read_only_new_length("baaaab",6);
312 fail_if(!buf);
313 fail_if(eina_strbuf_replace_first(buf, "a", "b") == 0);
314 fail_if(strcmp(eina_strbuf_string_get(buf), "bbaaab"));
315
306 eina_strbuf_free(buf); 316 eina_strbuf_free(buf);
307} 317}
308EFL_END_TEST 318EFL_END_TEST