* fixed buffer overflows in int_str() + test

git-svn-id: trunk@8395 -
2025-04-19 20:19:25 +02:00 · 2007-09-07 14:06:08 +00:00 · 2007-09-07 14:06:08 +00:00 · 9bd4fe433b
commit 9bd4fe433b
parent bd0532f158
3 changed files with 150 additions and 10 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -7133,6 +7133,7 @@ tests/test/units/system/teststk.pp svneol=native#text/plain
 tests/test/units/system/testux.txt svneol=native#text/plain
 tests/test/units/system/tincdec.pp svneol=native#text/plain
 tests/test/units/system/tint.pp svneol=native#text/plain
+tests/test/units/system/tintstr.pp svneol=native#text/plain
 tests/test/units/system/tio.pp svneol=native#text/plain
 tests/test/units/system/tiorte.pp svneol=native#text/plain
 tests/test/units/system/tjmp.pp svneol=native#text/plain
--- a/rtl/inc/generic.inc
+++ b/rtl/inc/generic.inc
@ -1149,16 +1149,21 @@ var
  m,m1 : longword;
  pc,pc2 : pchar;
  hs : string[32];
+  b : longint;
 begin
  pc2:=@s[1];
  if (l<0) then
    begin
+      b:=1;
      pc2^:='-';
      inc(pc2);
      m:=longword(-l);
    end
  else
-    m:=longword(l);
+    begin
+      b:=0;
+      m:=longword(l);
+    end;
  pc:=@hs[0];
  repeat
    inc(pc);
@ -1166,13 +1171,15 @@ begin
    pc^:=char(m-(m1*10)+byte('0'));
    m:=m1;
  until m=0;
-  while (pc>pchar(@hs[0])) do
+  while (pc>pchar(@hs[0])) and
+        (b<high(s)) do
    begin
      pc2^:=pc^;
      dec(pc);
      inc(pc2);
+      inc(b);
    end;
-  s[0]:=char(pc2-pchar(@s[1]));
+  s[0]:=chr(b);
 end;

 {$endif ndef FPC_SYSTEM_HAS_INT_STR_LONGINT}
@ -1182,6 +1189,7 @@ end;
 procedure int_str(l:longword;out s:string);
 var
  m1 : longword;
+  b: longint;
  pc,pc2 : pchar;
  hs : string[32];
 begin
@ -1193,13 +1201,16 @@ begin
    pc^:=char(l-(m1*10)+byte('0'));
    l:=m1;
  until l=0;
-  while (pc>pchar(@hs[0])) do
+  b:=0;
+  while (pc>pchar(@hs[0])) and
+        (b<high(s)) do
    begin
      pc2^:=pc^;
      dec(pc);
      inc(pc2);
+      inc(b);
    end;
-  s[0]:=char(pc2-pchar(@s[1]));
+  s[0]:=chr(b);
 end;

 {$endif ndef FPC_SYSTEM_HAS_INT_STR_LONGWORD}
@ -1210,17 +1221,22 @@ procedure int_str(l:int64;out s:string);
 var
  m,m1 : qword;
  pc,pc2 : pchar;
+  b: longint;
  hs : string[64];
 begin
  pc2:=@s[1];
  if (l<0) then
    begin
+      b:=1;
      pc2^:='-';
      inc(pc2);
      m:=qword(-l);
    end
  else
-    m:=qword(l);
+    begin
+      b:=0;
+      m:=qword(l);
+    end;
  pc:=@hs[0];
  repeat
    inc(pc);
@ -1228,13 +1244,15 @@ begin
    pc^:=char(m-(m1*10)+byte('0'));
    m:=m1;
  until m=0;
-  while (pc>pchar(@hs[0])) do
+  while (pc>pchar(@hs[0])) and
+        (b < high(s)) do
    begin
      pc2^:=pc^;
      dec(pc);
      inc(pc2);
+      inc(b);
    end;
-  s[0]:=char(pc2-pchar(@s[1]));
+  s[0]:=chr(b);
 end;

 {$endif ndef FPC_SYSTEM_HAS_INT_STR_INT64}
@ -1245,6 +1263,7 @@ procedure int_str(l:qword;out s:string);
 var
  m1 : qword;
  pc,pc2 : pchar;
+  b: longint;
  hs : string[64];
 begin
  pc2:=@s[1];
@ -1255,13 +1274,16 @@ begin
    pc^:=char(l-(m1*10)+byte('0'));
    l:=m1;
  until l=0;
-  while (pc>pchar(@hs[0])) do
+  b:=0;
+  while (pc>pchar(@hs[0])) and
+        (b<high(s)) do
    begin
      pc2^:=pc^;
      dec(pc);
      inc(pc2);
+      inc(b);
    end;
-  s[0]:=char(pc2-pchar(@s[1]));
+  s[0]:=chr(b);
 end;

 {$endif ndef FPC_SYSTEM_HAS_INT_STR_QWORD}
--- a/tests/test/units/system/tintstr.pp
+++ b/tests/test/units/system/tintstr.pp
@ -0,0 +1,117 @@
+var
+  l: longint;
+  c: cardinal;
+  i: int64;
+  q: qword;
+
+procedure ts1(const res1, res2, res3, res4: string);
+var
+  r: packed record
+    s: string[1];
+    b1,b2,b3,b4: byte;
+  end;
+begin
+  with r do
+    begin
+      b1:=0;
+      b2:=0;
+      b3:=0;
+      b4:=0;
+      str(l,s);
+      if (res1<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(1);
+
+      str(c,s);
+      if (res2<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(2);
+
+      str(i,s);
+      if (res3<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(3);
+
+      str(q,s);
+      if (res4<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(4);
+    end;
+end;
+
+
+
+procedure ts3(const res1, res2, res3, res4: string);
+var
+  r: packed record
+    s: string[3];
+    b1,b2,b3,b4: byte;
+  end;
+begin
+  with r do
+    begin
+      b1:=0;
+      b2:=0;
+      b3:=0;
+      b4:=0;
+      str(l,s);
+      if (res1<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(1);
+
+      str(c,s);
+      if (res2<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(2);
+
+      str(i,s);
+      if (res3<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(3);
+
+      str(q,s);
+      if (res4<>s) or
+         (b1<>0) or
+         (b2<>0) or
+         (b3<>0) or
+         (b4<>0) then
+        halt(4);
+    end;
+end;
+
+
+begin
+  l:=high(longint);
+  c:=high(cardinal);
+  i:=high(int64);
+  q:=high(qword);
+  ts1('2','4','9','1');
+  ts3('214','429','922','184');
+  l:=low(longint)+1;
+  c:=high(cardinal)-1;
+  i:=low(int64)+1;
+  q:=high(qword)-1;
+  ts1('-','4','-','1');
+  ts3('-21','429','-92','184');
+end.