From ea6290f6668afb5b9b6dadb04ea805ebfc2746e0 Mon Sep 17 00:00:00 2001
From: rlar
Date: Sat, 14 May 2016 16:43:34 +0200
Subject: [PATCH] nupa_substitute(), cleanup and a fixme

the '&' sequences, which are hopefully nowhere announced and advertised, might increment char pointers beyond the terminating '\0' causing havoc.
---
 src/frontend/numparam/xpressn.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/frontend/numparam/xpressn.c b/src/frontend/numparam/xpressn.c
index 351779537..9bbf35e6f 100644
--- a/src/frontend/numparam/xpressn.c
+++ b/src/frontend/numparam/xpressn.c
@@ -1182,12 +1182,12 @@ nupa_substitute(dico_t *dico, const char *s, char *r)
 bug: wont flag overflow! */
 {
+ const char * const s_end = s + strlen(s);
 bool err = 0;
 SPICE_DSTRING qstr; /* temp result dynamic string */
 spice_dstring_init(&qstr);
- const char * const s_end = strchr(s, '\0');
 while (s < s_end) {
@@ -1234,7 +1234,7 @@ nupa_substitute(dico_t *dico, const char *s, char *r)
 } else if (c == Intro) {
 /* skip "&&" which may occur in B source */
- if ((s + 1 < s_end) && (*s == Intro)) {
+ if ((s < s_end - 1) && (*s == Intro)) {
 s++;
 continue;
 }
@@ -1247,7 +1247,7 @@ nupa_substitute(dico_t *dico, const char *s, char *r)
 const char *kptr = s + 1;
 int level = 1;
- for (; kptr < s_end; kptr++) {
+ for (; *kptr; kptr++) {
 char d = *kptr;
@@ -1260,7 +1260,7 @@ nupa_substitute(dico_t *dico, const char *s, char *r)
 break;
 }
- if (kptr >= s_end) {
+ if (*kptr == '\0') {
 err = message(dico, "Closing \")\" not found.\n");
 goto Lend;
 }
@@ -1276,6 +1276,10 @@ nupa_substitute(dico_t *dico, const char *s, char *r)
 } else {
 /* simple identifier may also be string? */
+ /* fixme, kptr might point behind the terminating '\0' here
+ * causing serious troubles in evaluate_variable()
+ * and/or when updating s
+ */
 const char *kptr = s + 1;
 for (; kptr < s_end; kptr++)
 if (*kptr <= ' ')
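Review bot: The rewritten guard `if ((s < s_end - 1) && (*s == Intro))` appears to carry over an off-by-one rather than fix it: if `s` already points past the first Intro here (the loop head that advances it is outside the hunk), `s < s_end` is all that is needed for `*s` to be readable, and the extra `- 1` makes a `&&` pair whose second `&` is the last character of the input fall through to the `(` and identifier paths below instead of being skipped. Since the enclosing `while (s < s_end)` loop in the first hunk guarantees `s_end - 1 >= s`, the pointer arithmetic itself is safe, so the rewrite is purely a restyle of the old `s + 1 < s_end` form. Suggested line: `if ((s < s_end) && (*s == Intro)) {`.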
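Review bot: Changing the `(` scanner to `for (; *kptr; kptr++)` makes this hunk and the following one (`if (*kptr == '\0')`) bound the scan by the NUL terminator, while the rest of the function visible in this patch — the `while (s < s_end)` loop and the identifier scan `for (; kptr < s_end; kptr++)` — still bounds by `s_end`. The two idioms only agree because `s_end` is now `s + strlen(s)` and the input contains no embedded NUL, which a reader has to re-derive at each site. Either keep the pointer-bound form as before, or state the invariant once above the loop: `/* s_end == s + strlen(s), so *kptr == '\0' exactly when kptr == s_end */`.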
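Review bot: The added fixme describes the out-of-range `kptr` but leaves the path reachable: when the Intro was the last character of the input, `s` presumably already equals `s_end` on entry to this branch (the loop head that advanced past the Intro is outside the hunk), so `const char *kptr = s + 1;` forms `s_end + 1`, which is beyond one-past-the-end and undefined before anything is dereferenced, and the `kptr < s_end` loop that follows never runs to notice. The function already has an error path for malformed input in the previous hunk, so a one-line guard in front of the declaration closes the case: `if (s >= s_end) { err = message(dico, "Identifier expected after '&'.\n"); goto Lend; }`. The else branch continues beyond the end of the hunk.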