
Prevent stack overflow

Large strings can overflow the stack:

    crash() ->
        cecho:start(0,0),
        S = lists:duplicate(8192*1024*2, "x"),
        cecho:mvaddstr(0,0,S).

Fix the problem by putting the data on the heap.
commit a70554cd84afdd5bf3c53203cd640baa0726f864 1 parent 8c6d81f
@msantos authored
Showing with 36 additions and 8 deletions.
  1. +36 −8 c_src/cecho.c
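--- a/c_src/cecho.c
+++ b/c_src/cecho.c
@@ -224,11 +224,18 @@ void do_addch(state *st) {
 void do_addstr(state *st) {
 int arity;
 long strlen;
+ char *str = NULL;
+ int code = 0;
 ei_decode_tuple_header(st->args, &(st->index), &arity);
 ei_decode_long(st->args, &(st->index), &strlen);
- char str[strlen+1];
+ if ( (str = calloc(strlen+1, 1)) == NULL) {
+ encode_ok_reply(st, ENOMEM);
+ return;
+ }
 ei_decode_string(st->args, &(st->index), str);
- encode_ok_reply(st, addnstr(str, strlen));
+ code = addnstr(str, strlen);
+ free(str);
+ encode_ok_reply(st, code);
 }
 void do_move(state *st) {
@@ -340,13 +347,20 @@ void do_mvaddch(state *st) {
 void do_mvaddstr(state *st) {
 int arity;
 long strlen, y, x;
+ char *str = NULL;
+ int code = 0;
 ei_decode_tuple_header(st->args, &(st->index), &arity);
 ei_decode_long(st->args, &(st->index), &y);
 ei_decode_long(st->args, &(st->index), &x);
 ei_decode_long(st->args, &(st->index), &strlen);
- char str[strlen+1];
+ if ( (str = calloc(strlen+1, 1)) == NULL) {
+ encode_ok_reply(st, ENOMEM);
+ return;
+ }
 ei_decode_string(st->args, &(st->index), str);
- encode_ok_reply(st, mvaddnstr((int)y, (int)x, str, (int)strlen));
+ code = mvaddnstr((int)y, (int)x, str, (int)strlen);
+ free(str);
+ encode_ok_reply(st, code);
 }
 void do_newwin(state *st) {
@@ -393,12 +407,19 @@ void do_wmove(state *st) {
 void do_waddstr(state *st) {
 int arity;
 long slot, strlen;
+ char *str = NULL;
+ int code = 0;
 ei_decode_tuple_header(st->args, &(st->index), &arity);
 ei_decode_long(st->args, &(st->index), &slot);
 ei_decode_long(st->args, &(st->index), &strlen);
- char str[strlen+1];
+ if ( (str = calloc(strlen+1, 1)) == NULL) {
+ encode_ok_reply(st, ENOMEM);
+ return;
+ }
 ei_decode_string(st->args, &(st->index), str);
- encode_ok_reply(st, waddnstr(st->win[slot], str, strlen));
+ code = waddnstr(st->win[slot], str, strlen);
+ free(str);
+ encode_ok_reply(st, code);
 }
 void do_waddch(state *st) {
@@ -414,14 +435,21 @@ void do_waddch(state *st) {
 void do_mvwaddstr(state *st) {
 int arity;
 long slot, y, x, strlen;
+ char *str = NULL;
+ int code = 0;
 ei_decode_tuple_header(st->args, &(st->index), &arity);
 ei_decode_long(st->args, &(st->index), &slot);
 ei_decode_long(st->args, &(st->index), &y);
 ei_decode_long(st->args, &(st->index), &x);
 ei_decode_long(st->args, &(st->index), &strlen);
- char str[strlen+1];
+ if ( (str = calloc(strlen+1, 1)) == NULL) {
+ encode_ok_reply(st, ENOMEM);
+ return;
+ }
 ei_decode_string(st->args, &(st->index), str);
- encode_ok_reply(st, mvwaddnstr(st->win[slot], (int)y, (int)x, str, strlen));
+ code = mvwaddnstr(st->win[slot], (int)y, (int)x, str, strlen);
+ free(str);
+ encode_ok_reply(st, code);
 }
 void do_mvwaddch(state *st) {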
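Review bot: The `calloc(strlen+1, 1)` buffer in do_addstr is sized from a length the caller sends as a separate tuple element, while `ei_decode_string` copies however many bytes the encoded string actually holds, so a request whose length field is negative or smaller than the real string now overruns the heap buffer instead of the stack array; the same pattern repeats in do_mvaddstr, do_waddstr and do_mvwaddstr. None of the `ei_decode_*` return values are checked, so `strlen` can also be read uninitialised when a decode fails. I would check the decodes and bound the string with `ei_get_type` before allocating, as sketched below; the error value to reply with is a guess, since the protocol on the Erlang side is not visible here. Separately, `st->win[slot]` in the two window variants is indexed with an unchecked `slot` from the same request.

```c
void do_addstr(state *st) {
    /* … unchanged: declarations, ei_decode_tuple_header … */
    int type = 0;
    int size = 0;
    if (ei_decode_long(st->args, &(st->index), &strlen) < 0 ||
        ei_get_type(st->args, &(st->index), &type, &size) < 0 ||
        strlen < 0 || size < 0 || size > strlen) {
        encode_ok_reply(st, ERR);
        return;
    }
    /* … unchanged: calloc(strlen+1, 1), ei_decode_string, addnstr, free, reply … */
```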