diff --git a/ChangeLog.txt b/ChangeLog.txt index cfb5288528..5d5d3b196b 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -10,6 +10,12 @@ * Change, ! Fix, % Optimization, + Addition, - Removal, ; Comment */ +2014-01-25 00:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) + * contrib/hbct/charlist.c + ! fixed possible heap memory buffer overflow in + CharSList() and CharNoList() + % optimized + 2014-01-24 23:25 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/3rd/zlib/Makefile * src/3rd/zlib/zlib.dif diff --git a/contrib/hbct/charlist.c b/contrib/hbct/charlist.c index 208c8d61ab..46c6a3050e 100644 --- a/contrib/hbct/charlist.c +++ b/contrib/hbct/charlist.c 
@@ -55,78 +55,63 @@ /* helper function for the list function */ void ct_charlist( int iMode ) { - const char * pcString = hb_parcx( 1 ); + const char * pcString = hb_parc( 1 ); HB_SIZE sStrLen = hb_parclen( 1 ); - - HB_SIZE asCharCnt[ 256 ]; HB_SIZE sCnt; - /* init asCharCnt */ - for( sCnt = 0; sCnt < HB_SIZEOFARRAY( asCharCnt ); ++sCnt ) - asCharCnt[ sCnt ] = 0; - - /* count characters */ - if( iMode == CT_CHARLIST_CHARLIST ) + if( iMode == CT_CHARLIST_CHARHIST ) { - char pcRet[ 256 ]; - HB_SIZE sRetStrLen = 0; + HB_SIZE asCharCnt[ UCHAR_MAX ]; + PHB_ITEM pArray = hb_itemArrayNew( HB_SIZEOFARRAY( asCharCnt ) ); + + for( sCnt = 0; sCnt < HB_SIZEOFARRAY( asCharCnt ); ++sCnt ) + asCharCnt[ sCnt ] = 0; - for( sCnt = 0; sCnt < sStrLen; ++sCnt ) - { - if( asCharCnt[ ( HB_UCHAR ) pcString[ sCnt ] ] == 0 ) - { - pcRet[ sRetStrLen++ ] = pcString[ sCnt ]; - asCharCnt[ ( HB_UCHAR ) pcString[ sCnt ] ] = 1; - } - } - hb_retclen( pcRet, sRetStrLen ); - } - else - { for( sCnt = 0; sCnt < sStrLen; ++sCnt ) asCharCnt[ ( HB_UCHAR ) pcString[ sCnt ] ]++; - switch( iMode ) + for( sCnt = 0; sCnt < HB_SIZEOFARRAY( asCharCnt ); ++sCnt ) + hb_arraySetNS( pArray, sCnt + 1, asCharCnt[ sCnt ] ); + + hb_itemReturnRelease( pArray ); + } + else + { + char acCharCnt[ UCHAR_MAX ]; + HB_SIZE sRetStrLen = 0; + + if( iMode == CT_CHARLIST_CHARLIST ) { - case CT_CHARLIST_CHARSLIST: - { - char * pcRet = ( char * ) hb_xgrab( HB_SIZEOFARRAY( asCharCnt ) ); - HB_SIZE sRetStrLen = 0; + char acMark[ UCHAR_MAX ]; - for( sCnt = 0; sCnt < HB_SIZEOFARRAY( asCharCnt ); ++sCnt ) + memset( acMark, 0, sizeof( acMark ) ); + + for( sCnt = 0; sCnt < sStrLen; ++sCnt ) + { + HB_UCHAR uc = ( HB_UCHAR ) pcString[ sCnt ]; + + if( acMark[ uc ] == 0 ) { - if( asCharCnt[ sCnt ] != 0 ) - pcRet[ sRetStrLen++ ] = ( HB_UCHAR ) sCnt; + acCharCnt[ sRetStrLen++ ] = uc; + acMark[ uc ] = 1; } - - hb_retclen_buffer( pcRet, sRetStrLen ); - break; - } - case CT_CHARLIST_CHARNOLIST: - { - char * pcRet = ( char * ) hb_xgrab( 
HB_SIZEOFARRAY( asCharCnt ) ); - HB_SIZE sRetStrLen = 0; - - for( sCnt = 0; sCnt < HB_SIZEOFARRAY( asCharCnt ); ++sCnt ) - { - if( asCharCnt[ sCnt ] == 0 ) - pcRet[ sRetStrLen++ ] = ( HB_UCHAR ) sCnt; - } - - hb_retclen_buffer( pcRet, sRetStrLen ); - break; - } - case CT_CHARLIST_CHARHIST: - { - PHB_ITEM pArray = hb_itemArrayNew( HB_SIZEOFARRAY( asCharCnt ) ); - - for( sCnt = 0; sCnt < HB_SIZEOFARRAY( asCharCnt ); ++sCnt ) - hb_arraySetNS( pArray, sCnt + 1, asCharCnt[ sCnt ] ); - - hb_itemReturnRelease( pArray ); - break; } } + else if( iMode == CT_CHARLIST_CHARSLIST || iMode == CT_CHARLIST_CHARNOLIST ) + { + char cScan = iMode == CT_CHARLIST_CHARSLIST ? 1 : 0; + + for( sCnt = 0; sCnt < sStrLen; ++sCnt ) + acCharCnt[ ( HB_UCHAR ) pcString[ sCnt ] ] = 1; + + for( sCnt = 0; sCnt < HB_SIZEOFARRAY( acCharCnt ); ++sCnt ) + { + if( acCharCnt[ sCnt ] == cScan ) + acCharCnt[ sRetStrLen++ ] = ( HB_UCHAR ) sCnt; + } + + } + hb_retclen( acCharCnt, sRetStrLen ); } }
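Review bot: The new stack arrays `asCharCnt`, `acCharCnt` and `acMark` are declared with `UCHAR_MAX` elements but indexed by `( HB_UCHAR ) pcString[ sCnt ]`. With 8-bit chars that is 255 slots, so a 0xFF byte in the argument reads or writes one element past the end; the removed code sized the table 256. Declaring them as `char acCharCnt[ UCHAR_MAX + 1 ];` (likewise `acMark` and `asCharCnt`) fixes that, keeps the CHARHIST result at 256 entries, and gives the CHARLIST branch room for all 256 distinct bytes. Separately, the CHARSLIST/CHARNOLIST branch tests `acCharCnt[ sCnt ] == cScan` without ever clearing the array, so marks for bytes absent from the string are uninitialized stack contents and the returned list is unpredictable. Add `memset( acCharCnt, 0, sizeof( acCharCnt ) );` before the marking loop, as the CHARLIST branch already does for `acMark`.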