Changeset: c729ee7c51ff for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/c729ee7c51ff
Modified Files:
gdk/gdk_string.c
Branch: Jun2023
Log Message:
Fix an out-of-bounds write by making sure enough bytes are allocated.
diffs (65 lines):
diff --git a/gdk/gdk_string.c b/gdk/gdk_string.c
--- a/gdk/gdk_string.c
+++ b/gdk/gdk_string.c
@@ -765,7 +765,7 @@ concat_strings(BAT **bnp, ValPtr pt, BAT
{
oid gid;
BUN i, p, nils = 0;
- size_t *restrict lengths = NULL, *restrict lastseplength = NULL,
separator_length = 0, next_length;
+ size_t *restrict lengths = NULL, separator_length = 0, next_length;
str *restrict astrings = NULL;
BATiter bi, bis = (BATiter) {0};
BAT *bn = NULL;
@@ -926,9 +926,7 @@ concat_strings(BAT **bnp, ValPtr pt, BAT
* each group, then the the total offset */
lengths = GDKzalloc(ngrp * sizeof(*lengths));
astrings = GDKmalloc(ngrp * sizeof(str));
- if (sep)
- lastseplength = GDKzalloc(ngrp *
sizeof(*lastseplength));
- if (lengths == NULL || astrings == NULL || (sep &&
lastseplength == NULL)) {
+ if (lengths == NULL || astrings == NULL) {
goto finish;
}
/* at first, set astrings[i] to str_nil, then for each
@@ -970,14 +968,11 @@ concat_strings(BAT **bnp, ValPtr pt, BAT
if (!strNil(sl)) {
next_length =
strlen(sl);
lengths[gid] +=
next_length;
- lastseplength[gid] =
next_length;
- } else
- lastseplength[gid] = 0;
+ }
astrings[gid] = NULL;
} else if (!skip_nils) {
nils++;
lengths[gid] = (size_t) -1;
- lastseplength[gid] = 0;
astrings[gid] = (char *)
str_nil;
}
}
@@ -988,7 +983,7 @@ concat_strings(BAT **bnp, ValPtr pt, BAT
if (separator) {
for (i = 0; i < ngrp; i++) {
if (astrings[i] == NULL) {
- if ((astrings[i] = GDKmalloc(lengths[i]
+ 1 - separator_length)) == NULL) {
+ if ((astrings[i] = GDKmalloc(lengths[i]
+ 1)) == NULL) {
goto finish;
}
astrings[i][0] = 0;
@@ -1000,7 +995,7 @@ concat_strings(BAT **bnp, ValPtr pt, BAT
assert(sep != NULL);
for (i = 0; i < ngrp; i++) {
if (astrings[i] == NULL) {
- if ((astrings[i] = GDKmalloc(lengths[i]
+ 1 - lastseplength[i])) == NULL) {
+ if ((astrings[i] = GDKmalloc(lengths[i]
+ 1)) == NULL) {
goto finish;
}
astrings[i][0] = 0;
@@ -1076,7 +1071,6 @@ concat_strings(BAT **bnp, ValPtr pt, BAT
if (has_nils)
*has_nils = nils;
GDKfree(lengths);
- GDKfree(lastseplength);
if (astrings) {
for (i = 0; i < ngrp; i++) {
if (astrings[i] != str_nil)
_______________________________________________
checkin-list mailing list -- checkin-list@monetdb.org
To unsubscribe send an email to checkin-list-le...@monetdb.org
