From eabff49a6ab277d128740c001b3db93437062e6d Mon Sep 17 00:00:00 2001
From: Ben Payne
Date: Wed, 4 Mar 2015 15:46:07 -0500
Subject: [PATCH 1/3] Fix buffer underrun found with address sanitizer

When subpath is the empty string, the code was reading from subPath[-1]
---
 Engine/source/platformWin32/winFileio.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Engine/source/platformWin32/winFileio.cpp b/Engine/source/platformWin32/winFileio.cpp
index 36900cd15..0aeab392d 100644
--- a/Engine/source/platformWin32/winFileio.cpp
+++ b/Engine/source/platformWin32/winFileio.cpp
@@ -1306,8 +1306,10 @@ static bool recurseDumpDirectories(const char *basePath, const char *subPath, Ve
 // Compose our search string - Format : ([path]/[subpath]/*)
 //-----------------------------------------------------------------------------
- char trail = basePath[ dStrlen(basePath) - 1 ];
- char subTrail = subPath ? subPath[ dStrlen(subPath) - 1 ] : '\0';
+ dsize_t trLen = basePath ? dStrlen(basePath) : 0;
+ dsize_t subtrLen = subPath ? dStrlen(subPath) : 0;
+ char trail = trLen > 0 ? basePath[ trLen - 1 ] : '\0';
+ char subTrail = subtrLen > 0 ? subPath[ subtrLen - 1 ] : '\0';
 if( trail == '/' )
 {

From bd49fe3cb0061d2cf36b6fef3f2034155595a48f Mon Sep 17 00:00:00 2001
From: Ben Payne
Date: Wed, 4 Mar 2015 15:48:35 -0500
Subject: [PATCH 2/3] Don't call strncpy when src == dest

This fixes an error flagged by address sanitizer
---
 Engine/source/gui/controls/guiTextCtrl.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Engine/source/gui/controls/guiTextCtrl.cpp b/Engine/source/gui/controls/guiTextCtrl.cpp
index 1b8c8e9e0..3c1f1a8c9 100644
--- a/Engine/source/gui/controls/guiTextCtrl.cpp
+++ b/Engine/source/gui/controls/guiTextCtrl.cpp
@@ -188,7 +188,7 @@ void GuiTextCtrl::setText(const char *txt)
 if( !mProfile )
 return;
- if (txt)
+ if (txt && txt != mText)
 dStrncpy(mText, (UTF8*)txt, MAX_STRING_LENGTH);
 mText[MAX_STRING_LENGTH] = '\0';
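Review bot: The new `dsize_t trLen = basePath ? dStrlen(basePath) : 0;` line makes a null basePath pass this point silently, yet nothing in the hunk shows the rest of recurseDumpDirectories tolerating one — the comment directly above says the search string is composed from basePath and subPath next, and the function body continues past the end of the hunk. If callers can genuinely hand in a null basePath, that compose step needs the same guard; if they cannot, `dsize_t trLen = dStrlen(basePath);` with only the zero-length check keeps the fix to the bug actually reported and avoids implying null is a supported input. The empty-string case the commit targets is handled correctly now: a zero length yields `'\0'` instead of indexing one byte before the buffer, for both basePath and subPath.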
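Review bot: The added `txt != mText` test on the new `if` line only skips the copy when the source is exactly the start of the destination buffer; a `txt` that points into the interior of mText (a suffix of the current text, for instance) still overlaps, and the dStrncpy on the next line remains undefined behaviour that the sanitizer would flag the same way. Skipping the copy is correct for the `txt == mText` case because the contents are already identical, but it would be the wrong response for an interior alias, since the caller asked for the text to change. If such callers can exist, the robust form is to clamp the length to MAX_STRING_LENGTH and copy with a memmove-style routine before the existing `mText[MAX_STRING_LENGTH] = '\0';` terminator write, which is defined for every overlap; otherwise a comment stating that only the exact-alias case is expected would document the assumption. setText continues outside this hunk on both sides.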
From 16af2a126e670c10eb3929c1289269c15107769c Mon Sep 17 00:00:00 2001
From: Ben Payne
Date: Fri, 6 Mar 2015 15:36:22 -0500
Subject: [PATCH 3/3] Add a comment

---
 Engine/source/gui/controls/guiTextCtrl.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Engine/source/gui/controls/guiTextCtrl.cpp b/Engine/source/gui/controls/guiTextCtrl.cpp
index 3c1f1a8c9..e1079d8e0 100644
--- a/Engine/source/gui/controls/guiTextCtrl.cpp
+++ b/Engine/source/gui/controls/guiTextCtrl.cpp
@@ -187,7 +187,9 @@ void GuiTextCtrl::setText(const char *txt)
 //make sure we don't call this before onAdd();
 if( !mProfile )
 return;
-
+
+ // The txt pointer is sometimes the same as the mText pointer, so make sure
+ // we don't call strncpy with overlapping src and dest.
 if (txt && txt != mText)
 dStrncpy(mText, (UTF8*)txt, MAX_STRING_LENGTH);
 mText[MAX_STRING_LENGTH] = '\0';