luke
/
xschem
mirror of https://github.com/StefanSchippers/xschem.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed a possible out of bound array writing (crash) on malformed graph bussed nodes in get_bus_idx_array()

This commit is contained in:
Stefan Frederik 2022-09-10 01:39:30 +02:00
parent 193cf397bd
commit 9c636cbee1
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/draw.c
View File

@ -1697,18 +1697,22 @@ static SPICE_DATA **get_bus_idx_array(const char *ntok, int *n_bits)
char *saven, *nptr, *ntok_copy = NULL;
const char *bit_name;
*n_bits = count_items(ntok, ";,", "") - 1;
/* dbg(0, "get_bus_idx_array(): ntok=%s\n", ntok); */
/* dbg(0, "get_bus_idx_array(): *n_bits=%d\n", *n_bits); */
idx_arr = my_malloc(1454, (*n_bits) * sizeof(SPICE_DATA *));
p = 0;
my_strdup2(1402, &ntok_copy, ntok);
nptr = ntok_copy;
my_strtok_r(nptr, ";,", "", &saven); /*strip off bus name (1st field) */
while( (bit_name = my_strtok_r(NULL, ",", "", &saven)) ) {
while( (bit_name = my_strtok_r(NULL, ";,", "", &saven)) ) {
int idx;
if(p >= *n_bits) break; /* security check to avoid out of bound writing */
if( (idx = get_raw_index(bit_name)) != -1) {
idx_arr[p] = xctx->graph_values[idx];
} else {
idx_arr[p] = NULL;
}
/* dbg(0, "get_bus_idx_array(): bit_name=%s, p=%d\n", bit_name, p); */
p++;
}
my_free(1404, &ntok_copy);