eina_strbuf: resolve segfault when replace used with read_only buffer

Summary: when eina_strbuf_replace is used by read_only buffer, this will cause segfault (access invalid memory)

Reviewers: cedric

Reviewed By: cedric

Subscribers: cedric, #reviewers, #committers

Tags: #efl

Maniphest Tasks: T8757

Differential Revision: https://phab.enlightenment.org/D11989

2 files changed, 14 insertions, 3 deletions

diff --git a/src/lib/eina/eina_strbuf_common.c b/src/lib/eina/eina_strbuf_common.c
index e08d4b79fe..ebec119c2a 100644
--- a/src/lib/eina/eina_strbuf_common.c
+++ b/src/lib/eina/eina_strbuf_common.c
@@ -945,6 +945,10 @@ eina_strbuf_replace(Eina_Strbuf *buf,
         if (n) spos++;
      }
 
+   pos = spos - (const char *)buf->buf;
+   len1 = strlen(str);
+   len2 = strlen(with);
+
    /* This is a read only buffer which need change to be made */
    if (buf->ro)
      {
@@ -956,9 +960,6 @@ eina_strbuf_replace(Eina_Strbuf *buf,
         buf->buf = dest;
      }
 
-   pos = spos - (const char *)buf->buf;
-   len1 = strlen(str);
-   len2 = strlen(with);
    if (len1 != len2)
      {
         /* resize the buffer if necessary */
diff --git a/src/tests/eina/eina_test_strbuf.c b/src/tests/eina/eina_test_strbuf.c
index add3ce0963..1d9f52c0d2 100644
--- a/src/tests/eina/eina_test_strbuf.c
+++ b/src/tests/eina/eina_test_strbuf.c
@@ -303,6 +303,16 @@ EFL_START_TEST(eina_test_strbuf_replace)
    fail_if(strlen(eina_strbuf_string_get(buf)) != eina_strbuf_length_get(buf));
    fail_if(strcmp(eina_strbuf_string_get(buf), "baaaab"));
 
+   fail_if(eina_strbuf_replace_first(buf, "a", "b") == 0);
+   fail_if(strcmp(eina_strbuf_string_get(buf), "bbaaab"));
+
+   eina_strbuf_free(buf);
+
+   buf = eina_strbuf_manage_read_only_new_length("baaaab",6);
+   fail_if(!buf);
+   fail_if(eina_strbuf_replace_first(buf, "a", "b") == 0);
+   fail_if(strcmp(eina_strbuf_string_get(buf), "bbaaab"));
+
    eina_strbuf_free(buf);
 }
 EFL_END_TEST