checking for buffer overflow in insertChars function
This commit is contained in:
prozessorkern
parent
a5bd5c57ab
commit
c1f42d8239
@ -162,46 +162,51 @@ void utils_forwardCursor(shellmatta_instance_t *inst, uint32_t length)
|
|||||||
* @param[in] inst pointer to shellmatta instance
|
* @param[in] inst pointer to shellmatta instance
|
||||||
* @param[in] data pointer to the data to be inserted
|
* @param[in] data pointer to the data to be inserted
|
||||||
* @param[in] length length of the data to be inserted
|
* @param[in] length length of the data to be inserted
|
||||||
* @todo this function shall check buffer overflows
|
|
||||||
*/
|
*/
|
||||||
void utils_insertChars( shellmatta_instance_t *inst,
|
void utils_insertChars( shellmatta_instance_t *inst,
|
||||||
char *data,
|
char *data,
|
||||||
uint32_t length)
|
uint32_t length)
|
||||||
{
|
{
|
||||||
if(0u != length)
|
uint32_t tmpLength = length;
|
||||||
|
/** -# limit the length to the space left in the buffer */
|
||||||
|
if((inst->inputCount + tmpLength) > inst->bufferSize)
|
||||||
{
|
{
|
||||||
|
tmpLength = inst->bufferSize - inst->inputCount;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(0u != tmpLength)
|
||||||
|
{
|
||||||
|
|
||||||
/** -# check if we have to move chars in the buffer */
|
/** -# check if we have to move chars in the buffer */
|
||||||
if( (inst->cursor != inst->inputCount)
|
if( (inst->cursor != inst->inputCount)
|
||||||
&& (SHELLMATTA_MODE_INSERT == inst->mode))
|
&& (SHELLMATTA_MODE_INSERT == inst->mode))
|
||||||
{
|
{
|
||||||
/** -# move the existing chars */
|
/** -# move the existing chars */
|
||||||
for ( uint32_t i = inst->inputCount;
|
for (uint32_t i = inst->inputCount; i > inst->cursor; i --)
|
||||||
i > inst->cursor;
|
|
||||||
i --)
|
|
||||||
{
|
{
|
||||||
inst->buffer[i + length - 1] = inst->buffer[i - 1];
|
inst->buffer[i + tmpLength - 1] = inst->buffer[i - 1];
|
||||||
}
|
}
|
||||||
|
|
||||||
/** -# store and print the new chars */
|
/** -# store and print the new chars */
|
||||||
memcpy(&(inst->buffer[inst->cursor]), data, length);
|
memcpy(&(inst->buffer[inst->cursor]), data, tmpLength);
|
||||||
utils_writeEcho(inst, data, length);
|
utils_writeEcho(inst, data, tmpLength);
|
||||||
|
|
||||||
/** -# print the other chars and restore the cursor to this position */
|
/** -# print the other chars and restore the cursor to this position */
|
||||||
utils_eraseLine(inst);
|
utils_eraseLine(inst);
|
||||||
utils_saveCursorPos(inst);
|
utils_saveCursorPos(inst);
|
||||||
utils_writeEcho( inst,
|
utils_writeEcho( inst,
|
||||||
&(inst->buffer[inst->cursor + length]),
|
&(inst->buffer[inst->cursor + tmpLength]),
|
||||||
inst->inputCount - inst->cursor);
|
inst->inputCount - inst->cursor);
|
||||||
utils_restoreCursorPos(inst);
|
utils_restoreCursorPos(inst);
|
||||||
inst->cursor += length;
|
inst->cursor += tmpLength;
|
||||||
inst->inputCount += length;
|
inst->inputCount += tmpLength;
|
||||||
}
|
}
|
||||||
/** -# overwrite - if the cursor reaches the end of the input it is pushed further */
|
/** -# overwrite - if the cursor reaches the end of the input it is pushed further */
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
memcpy(&(inst->buffer[inst->cursor]), data, length);
|
memcpy(&(inst->buffer[inst->cursor]), data, tmpLength);
|
||||||
utils_writeEcho(inst, data, length);
|
utils_writeEcho(inst, data, tmpLength);
|
||||||
inst->cursor += length;
|
inst->cursor += tmpLength;
|
||||||
if(inst->cursor > inst->inputCount)
|
if(inst->cursor > inst->inputCount)
|
||||||
{
|
{
|
||||||
inst->inputCount = inst->cursor;
|
inst->inputCount = inst->cursor;
|
||||||
|
|||||||
@ -123,3 +123,58 @@ TEST_CASE( "shellmatta_insertChars 0 length" ) {
|
|||||||
CHECK( memcmp("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", write_data, sizeof(write_data) ) == 0u );
|
CHECK( memcmp("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", write_data, sizeof(write_data) ) == 0u );
|
||||||
REQUIRE( memcmp("abcdefghij\0\0\0\0\0\0\0\0\0", buffer, sizeof(buffer)) == 0);
|
REQUIRE( memcmp("abcdefghij\0\0\0\0\0\0\0\0\0", buffer, sizeof(buffer)) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST_CASE( "shellmatta_insertChars buffer full" ) {
|
||||||
|
|
||||||
|
shellmatta_instance_t inst;
|
||||||
|
char buffer[20] = "abcdefghij\0\0\0\0\0\0\0\0\0";
|
||||||
|
|
||||||
|
memset(&inst, 0, sizeof(inst));
|
||||||
|
inst.buffer = buffer;
|
||||||
|
inst.bufferSize = 20;
|
||||||
|
inst.cursor = 8;
|
||||||
|
inst.inputCount = 10;
|
||||||
|
inst.echoEnabled = true;
|
||||||
|
|
||||||
|
inst.write = writeFct;
|
||||||
|
|
||||||
|
write_callCnt = 0u;
|
||||||
|
memset(write_data, 0, sizeof(write_data));
|
||||||
|
write_idx = 0u;
|
||||||
|
|
||||||
|
utils_insertChars(&inst, (char*)"blksdflsd kfjlk", 10u);
|
||||||
|
|
||||||
|
CHECK( inst.cursor == 18u );
|
||||||
|
CHECK( inst.inputCount == 20u );
|
||||||
|
CHECK( write_callCnt == 5u );
|
||||||
|
CHECK( memcmp("blksdflsd ", write_data, 10u ) == 0u );
|
||||||
|
REQUIRE( memcmp("abcdefghblksdflsd ij", buffer, sizeof(buffer)) == 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
TEST_CASE( "shellmatta_insertChars buffer overflow by 1" ) {
|
||||||
|
|
||||||
|
shellmatta_instance_t inst;
|
||||||
|
char buffer[20] = "abcdefghij\0\0\0\0\0\0\0\0\0";
|
||||||
|
|
||||||
|
memset(&inst, 0, sizeof(inst));
|
||||||
|
inst.buffer = buffer;
|
||||||
|
inst.bufferSize = 20;
|
||||||
|
inst.cursor = 8;
|
||||||
|
inst.inputCount = 10;
|
||||||
|
inst.echoEnabled = true;
|
||||||
|
|
||||||
|
inst.write = writeFct;
|
||||||
|
|
||||||
|
write_callCnt = 0u;
|
||||||
|
memset(write_data, 0, sizeof(write_data));
|
||||||
|
write_idx = 0u;
|
||||||
|
|
||||||
|
utils_insertChars(&inst, (char*)"blksdflsd kfjlk", 11u);
|
||||||
|
|
||||||
|
CHECK( inst.cursor == 18u );
|
||||||
|
CHECK( inst.inputCount == 20u );
|
||||||
|
CHECK( write_callCnt == 5u );
|
||||||
|
CHECK( memcmp("blksdflsd ", write_data, 10u ) == 0u );
|
||||||
|
REQUIRE( memcmp("abcdefghblksdflsd ij", buffer, sizeof(buffer)) == 0);
|
||||||
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user