From: Jean-Christophe Beaupré Date: Sun, 7 Dec 2014 05:55:36 +0000 (-0500) Subject: ropes: Fix a buffer overflow in `RopeBuffer.add`. X-Git-Tag: v0.7~73^2~3 X-Git-Url: http://nitlanguage.org ropes: Fix a buffer overflow in `RopeBuffer.add`. Signed-off-by: Jean-Christophe Beaupré --- diff --git a/lib/standard/ropes.nit b/lib/standard/ropes.nit index 9ef2f4d..d41c021 100644 --- a/lib/standard/ropes.nit +++ b/lib/standard/ropes.nit @@ -337,14 +337,13 @@ class RopeBuffer redef fun add(c) do var rp = rpos - length += 1 - ns[rp] = c - rp += 1 - if rp == buf_size then - rpos = rp + if rp >= buf_size then dump_buffer rp = 0 end + ns[rp] = c + rp += 1 + length += 1 rpos = rp end diff --git a/tests/sav/test_ropes_buffer_add_overflow.res b/tests/sav/test_ropes_buffer_add_overflow.res new file mode 100644 index 0000000..e69de29 diff --git a/tests/test_ropes_buffer_add_overflow.nit b/tests/test_ropes_buffer_add_overflow.nit new file mode 100644 index 0000000..6482b0e --- /dev/null +++ b/tests/test_ropes_buffer_add_overflow.nit @@ -0,0 +1,28 @@ +# This file is part of NIT ( http://www.nitlanguage.org ). +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Checks that `RopeBuffer.add` does not makes the internal buffer overflow. +# +# Note: In order to help repoducibility, this test read an private attribute of +# the buffer. +module test_ropes_buffer_add_overflow + +import standard +intrude import ropes + +var buffer = new RopeBuffer + +buffer.append("x" * maxlen) +buffer.add 'y' +assert buffer.rpos <= maxlen else print "{buffer.rpos} > {maxlen}"