Hi,

  lok found a bug introduced by my previous patch for
evas_object_textblock. It was too simple :) So here is a new set of
patches that fixes all the buffer overflows without breaking
textblock this time.

-- 
Cedric BAIL
From da3bff749f61107df38d3ce2a7c1001331e8661b Mon Sep 17 00:00:00 2001
From: Cedric BAIL <[EMAIL PROTECTED]>
Date: Wed, 5 Mar 2008 13:10:03 +0100
Subject: [PATCH] Complete fix for evas_object_textblock character append.

---
 src/lib/canvas/evas_object_textblock.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lib/canvas/evas_object_textblock.c b/src/lib/canvas/evas_object_textblock.c
index 7afd9f5..857100c 100644
--- a/src/lib/canvas/evas_object_textblock.c
+++ b/src/lib/canvas/evas_object_textblock.c
@@ -259,14 +259,14 @@ _strbuf_append(char *s, const char *s2, int *len, int *alloc)
 	return strdup("");
      }
    l2 = strlen(s2);
-   tlen = *len + l2 + 1;
-   if (tlen > *alloc)
+   tlen = *len + l2;
+   if (tlen + 1 > *alloc)
      {
 	char *ts;
 	int talloc;
 	  
-	talloc = ((tlen + 31) >> 5) << 5;
-	ts = realloc(s, talloc + 1);
+	talloc = ((tlen + 32) >> 5) << 5;
+	ts = realloc(s, talloc);
 	if (!ts) return s;
 	s = ts;
 	*alloc = talloc;
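Review bot: The size arithmetic in `tlen = *len + l2;` and the guard `if (tlen + 1 > *alloc)` has no range check, and `tlen` and `talloc` are `int`. If the combined length gets close to INT_MAX, the sum, `tlen + 1` or `tlen + 32` can overflow. The guard or the rounded `talloc` then no longer describes the space the copy needs, which is the buffer overflow this series is meant to remove. `l2` is declared outside the hunk, so its type is not visible here; assuming it is an `int`, a check before the addition such as `if (l2 > INT_MAX - 32 - *len) return s;` would bound all three expressions. The same arithmetic appears in the _strbuf_append_n and _strbuf_insert hunks of the next patch. The function starts and ends outside this hunk.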
-- 
1.5.4.GIT

From 2e4d3c8ad36586d5a51b65c401e55373d58e40b0 Mon Sep 17 00:00:00 2001
From: Cedric BAIL <[EMAIL PROTECTED]>
Date: Wed, 5 Mar 2008 13:12:43 +0100
Subject: [PATCH] Fix all other strbuf manipulation functions.

---
 src/lib/canvas/evas_object_textblock.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lib/canvas/evas_object_textblock.c b/src/lib/canvas/evas_object_textblock.c
index 857100c..902f861 100644
--- a/src/lib/canvas/evas_object_textblock.c
+++ b/src/lib/canvas/evas_object_textblock.c
@@ -291,12 +291,12 @@ _strbuf_append_n(char *s, char *s2, int n, int *len, int *alloc)
 	for (p = s2; (l2 < n) && (*p != 0); p++, l2++);
      }
    tlen = *len + l2;
-   if (tlen > *alloc)
+   if (tlen + 1 > *alloc)
      {
 	char *ts;
 	int talloc;
 	  
-	talloc = ((tlen + 31) >> 5) << 5;
+	talloc = ((tlen + 32) >> 5) << 5;
 	ts = realloc(s, talloc + 1);
 	if (!ts) return s;
 	s = ts;
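Review bot: The grow step is now maintained by hand in three places: here, in the _strbuf_insert hunk below and in _strbuf_append. It consists of the guard `if (tlen + 1 > *alloc)`, the rounding `((tlen + 32) >> 5) << 5` and the realloc. This series exists because those copies disagreed about the terminator byte. Moving the step into one static helper that each function calls would keep the NUL accounting in a single spot. The helper name below is a suggestion, and both functions continue outside the hunk.

```c
/* Make sure *s can hold tlen characters plus the terminating NUL.
 * Returns 1 on success; returns 0 if realloc failed, in which case
 * *s and *alloc are left untouched. */
static int
_strbuf_grow(char **s, int tlen, int *alloc)
{
   char *ts;
   int talloc;

   if (tlen + 1 <= *alloc) return 1;
   /* smallest multiple of 32 strictly greater than tlen */
   talloc = ((tlen + 32) >> 5) << 5;
   ts = realloc(*s, talloc);
   if (!ts) return 0;
   *s = ts;
   *alloc = talloc;
   return 1;
}

/* … unchanged: l2 computation in _strbuf_append_n … */
   tlen = *len + l2;
   if (!_strbuf_grow(&s, tlen, alloc)) return s;
```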
@@ -320,12 +320,12 @@ _strbuf_insert(char *s, char *s2, int pos, int *len, int *alloc)
    else if (pos > *len) pos = *len;
    l2 = strlen(s2);
    tlen = *len + l2;
-   if (tlen > *alloc)
+   if (tlen + 1 > *alloc)
      {
 	char *ts;
 	int talloc;
 	  
-	talloc = ((tlen + 31) >> 5) << 5;
+	talloc = ((tlen + 32) >> 5) << 5;
 	ts = realloc(s, talloc + 1);
 	if (!ts) return s;
 	s = ts;
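Review bot: The failure path `if (!ts) return s;` hands back the old buffer without reporting anything, so an insertion that could not allocate is dropped and, as far as this hunk shows, the caller sees the same result as success. The return leaves the buffer itself consistent, but the text is lost silently. At minimum the line deserves a comment such as `/* out of memory: keep the old buffer, the insertion is dropped */`. Whether callers need an explicit error signal depends on code outside this hunk. The same line is present in _strbuf_append and _strbuf_append_n.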
-- 
1.5.4.GIT

From 57b6fa12b6ae0c4c36c65956a3280dc25bfe7342 Mon Sep 17 00:00:00 2001
From: Cedric BAIL <[EMAIL PROTECTED]>
Date: Wed, 5 Mar 2008 13:17:15 +0100
Subject: [PATCH] Remove unnecessary +1.

---
 src/lib/canvas/evas_object_textblock.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/canvas/evas_object_textblock.c b/src/lib/canvas/evas_object_textblock.c
index 902f861..baf1bb2 100644
--- a/src/lib/canvas/evas_object_textblock.c
+++ b/src/lib/canvas/evas_object_textblock.c
@@ -297,7 +297,7 @@ _strbuf_append_n(char *s, char *s2, int n, int *len, int *alloc)
 	int talloc;
 	  
 	talloc = ((tlen + 32) >> 5) << 5;
-	ts = realloc(s, talloc + 1);
+	ts = realloc(s, talloc);
 	if (!ts) return s;
 	s = ts;
 	*alloc = talloc;
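Review bot: Nothing in the code records why `realloc(s, talloc)` is large enough without the `+ 1`, and the history of this series shows how easily that byte is added or removed by mistake. The rounding `((tlen + 32) >> 5) << 5` yields the smallest multiple of 32 strictly greater than `tlen`, so `talloc >= tlen + 1` and `*alloc` now counts the terminator. I would state that above the realloc with `/* talloc > tlen: the rounded size already includes room for the NUL */`. The same comment applies to the _strbuf_insert hunk that follows. Both functions extend beyond the hunks shown.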
@@ -326,7 +326,7 @@ _strbuf_insert(char *s, char *s2, int pos, int *len, int *alloc)
 	int talloc;
 	  
 	talloc = ((tlen + 32) >> 5) << 5;
-	ts = realloc(s, talloc + 1);
+	ts = realloc(s, talloc);
 	if (!ts) return s;
 	s = ts;
 	*alloc = talloc;
-- 
1.5.4.GIT
