Overview
Comment: | More integer overflow checks. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
53af033b0e68b41378c6ac0c21495a17 |
User & Date: | js on 2012-10-14 10:36:21 |
Other Links: | manifest | tags |
Context
2012-10-14
| ||
19:22 | Add a missing include and fix a typo. check-in: 9fce2c470e user: js tags: trunk | |
10:36 | More integer overflow checks. check-in: 53af033b0e user: js tags: trunk | |
00:59 | OF_INVALID_INDEX -> OF_NOT_FOUND. check-in: f38744df74 user: js tags: trunk | |
Changes
Modified src/OFArray.m from [c7257b8dbc] to [94fe6e85f7].
︙ | ︙ | |||
327 328 329 330 331 332 333 334 335 336 337 338 339 340 | } - (OFArray*)objectsInRange: (of_range_t)range { OFArray *ret; id *buffer; if (![self isKindOfClass: [OFMutableArray class]]) return [OFArray_subarray arrayWithArray: self range: range]; buffer = [self allocMemoryWithSize: sizeof(*buffer) count: range.length]; | > > > > | 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 | } - (OFArray*)objectsInRange: (of_range_t)range { OFArray *ret; id *buffer; if (range.length > SIZE_MAX - range.location || range.location + range.length < [self count]) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; if (![self isKindOfClass: [OFMutableArray class]]) return [OFArray_subarray arrayWithArray: self range: range]; buffer = [self allocMemoryWithSize: sizeof(*buffer) count: range.length]; |
︙ | ︙ |
Modified src/OFArray_adjacent.m from [d65c9872b3] to [cdb0c9cc7a].
︙ | ︙ | |||
208 209 210 211 212 213 214 | - (void)getObjects: (id*)buffer inRange: (of_range_t)range { id *objects = [array cArray]; size_t i, count = [array count]; | > | | 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 | - (void)getObjects: (id*)buffer inRange: (of_range_t)range { id *objects = [array cArray]; size_t i, count = [array count]; if (range.length > SIZE_MAX - range.location || range.location + range.length > count) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; for (i = 0; i < range.length; i++) buffer[i] = objects[range.location + i]; } - (size_t)indexOfObject: (id)object |
︙ | ︙ | |||
242 243 244 245 246 247 248 | return OF_NOT_FOUND; } - (OFArray*)objectsInRange: (of_range_t)range { | > | > > | | < | < < | < | | | 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 | return OF_NOT_FOUND; } - (OFArray*)objectsInRange: (of_range_t)range { if (range.length > SIZE_MAX - range.location || range.location + range.length > [array count]) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; if ([self isKindOfClass: [OFMutableArray class]]) return [OFArray arrayWithObjects: (id*)[array cArray] + range.location count: range.length]; return [OFArray_adjacentSubarray arrayWithArray: self range: range]; } - (BOOL)isEqual: (id)object { OFArray *otherArray; id *objects, *otherObjects; size_t i, count; |
︙ | ︙ |
Modified src/OFArray_subarray.m from [327edac8fd] to [9e2eeeec2e].
︙ | ︙ | |||
64 65 66 67 68 69 70 | return [array objectAtIndex: index + range.location]; } - (void)getObjects: (id*)buffer inRange: (of_range_t)range_ { | > | | 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 | return [array objectAtIndex: index + range.location]; } - (void)getObjects: (id*)buffer inRange: (of_range_t)range_ { if (range_.length > SIZE_MAX - range_.location || range_.location + range_.length > range.length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; range_.location += range.location; return [array getObjects: buffer inRange: range_]; } |
︙ | ︙ | |||
105 106 107 108 109 110 111 | return OF_NOT_FOUND; return index; } - (OFArray*)objectsInRange: (of_range_t)range_ { | > | | 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | return OF_NOT_FOUND; return index; } - (OFArray*)objectsInRange: (of_range_t)range_ { if (range_.length > SIZE_MAX - range_.location || range_.location + range_.length > range.length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; range_.location += range.location; return [array objectsInRange: range_]; } @end |
Modified src/OFDataArray.m from [95b4b4e97a] to [238d0749d1].
︙ | ︙ | |||
373 374 375 376 377 378 379 | - (void)removeItemAtIndex: (size_t)index { [self removeItemsInRange: of_range(index, 1)]; } - (void)removeItemsInRange: (of_range_t)range { | > | | 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 | - (void)removeItemAtIndex: (size_t)index { [self removeItemsInRange: of_range(index, 1)]; } - (void)removeItemsInRange: (of_range_t)range { if (range.length > SIZE_MAX - range.location || range.location + range.length > count) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; memmove(data + range.location * itemSize, data + (range.location + range.length) * itemSize, (count - range.location - range.length) * itemSize); count -= range.length; |
︙ | ︙ | |||
636 637 638 639 640 641 642 | size = newSize; } - (void)removeItemsInRange: (of_range_t)range { size_t newSize, lastPageByte; | > | | 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 | size = newSize; } - (void)removeItemsInRange: (of_range_t)range { size_t newSize, lastPageByte; if (range.length > SIZE_MAX - range.location || range.location + range.length > count) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; memmove(data + range.location * itemSize, data + (range.location + range.length) * itemSize, (count - range.location - range.length) * itemSize); count -= range.length; |
︙ | ︙ |
Modified src/OFMutableArray_adjacent.m from [35095fc2a7] to [83612a9b9c].
︙ | ︙ | |||
172 173 174 175 176 177 178 | } - (void)removeObjectsInRange: (of_range_t)range { id *objects = [array cArray], *copy; size_t i, count = [array count]; | > | | 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 | } - (void)removeObjectsInRange: (of_range_t)range { id *objects = [array cArray], *copy; size_t i, count = [array count]; if (range.length > SIZE_MAX - range.location || range.length > count - range.location) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; copy = [self allocMemoryWithSize: sizeof(*copy) count: range.length]; memcpy(copy, objects + range.location, range.length * sizeof(id)); @try { |
︙ | ︙ |
Modified src/OFMutableString.m from [0b9877e248] to [fbeacc8bf8].
︙ | ︙ | |||
468 469 470 471 472 473 474 | void *pool = objc_autoreleasePoolPush(), *pool2; const of_unichar_t *unicodeString; const of_unichar_t *searchString = [string unicodeString]; size_t searchLength = [string length]; size_t replacementLength = [replacement length]; size_t i; | > | | 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 | void *pool = objc_autoreleasePoolPush(), *pool2; const of_unichar_t *unicodeString; const of_unichar_t *searchString = [string unicodeString]; size_t searchLength = [string length]; size_t replacementLength = [replacement length]; size_t i; if (range.length > SIZE_MAX - range.location || range.location + range.length > [self length]) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; if (searchLength > range.length) { objc_autoreleasePoolPop(pool); return; } |
︙ | ︙ |
Modified src/OFMutableString_UTF8.m from [b5e0c44310] to [f9b576665a].
︙ | ︙ | |||
529 530 531 532 533 534 535 | } - (void)deleteCharactersInRange: (of_range_t)range { size_t start = range.location; size_t end = range.location + range.length; | | | 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 | } - (void)deleteCharactersInRange: (of_range_t)range { size_t start = range.location; size_t end = range.location + range.length; if (range.length > SIZE_MAX - range.location || end > s->length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; s->hashed = NO; s->length -= end - start; if (s->isUTF8) { start = of_string_utf8_get_position(s->cString, start, |
︙ | ︙ | |||
561 562 563 564 565 566 567 | - (void)replaceCharactersInRange: (of_range_t)range withString: (OFString*)replacement { size_t start = range.location; size_t end = range.location + range.length; size_t newCStringLength, newLength; | | | 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 | - (void)replaceCharactersInRange: (of_range_t)range withString: (OFString*)replacement { size_t start = range.location; size_t end = range.location + range.length; size_t newCStringLength, newLength; if (range.length > SIZE_MAX - range.location || end > s->length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; newLength = s->length - (end - start) + [replacement length]; if (s->isUTF8) { start = of_string_utf8_get_position(s->cString, start, s->cStringLength); |
︙ | ︙ | |||
600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 | const char *searchString = [string UTF8String]; const char *replacementString = [replacement UTF8String]; size_t searchLength = [string UTF8StringLength]; size_t replacementLength = [replacement UTF8StringLength]; size_t i, last, newCStringLength, newLength; char *newCString; if (s->isUTF8) { range.location = of_string_utf8_get_position(s->cString, range.location, s->cStringLength); range.length = of_string_utf8_get_position( s->cString + range.location, range.length, s->cStringLength - range.location); } | > > > > < < < | 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 | const char *searchString = [string UTF8String]; const char *replacementString = [replacement UTF8String]; size_t searchLength = [string UTF8StringLength]; size_t replacementLength = [replacement UTF8StringLength]; size_t i, last, newCStringLength, newLength; char *newCString; if (range.length > SIZE_MAX - range.location || range.location + range.length > [self length]) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; if (s->isUTF8) { range.location = of_string_utf8_get_position(s->cString, range.location, s->cStringLength); range.length = of_string_utf8_get_position( s->cString + range.location, range.length, s->cStringLength - range.location); } if ([string UTF8StringLength] > range.length) return; newCString = NULL; newCStringLength = 0; newLength = s->length; |
︙ | ︙ |
Modified src/OFString.m from [10f45f3070] to [3bdf38b289].
︙ | ︙ | |||
1265 1266 1267 1268 1269 1270 1271 | } - (OFString*)substringWithRange: (of_range_t)range { void *pool; OFString *ret; | > | | 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 | } - (OFString*)substringWithRange: (of_range_t)range { void *pool; OFString *ret; if (range.length > SIZE_MAX - range.location || range.location + range.length > [self length]) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; pool = objc_autoreleasePoolPush(); ret = [[OFString alloc] initWithUnicodeString: [self unicodeString] + range.location length: range.length]; |
︙ | ︙ |
Modified src/OFString_UTF8.m from [f11d00232a] to [b09a7e72c1].
︙ | ︙ | |||
1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 | - (void)getCharacters: (of_unichar_t*)buffer inRange: (of_range_t)range { /* TODO: Could be slightly optimized */ void *pool = objc_autoreleasePoolPush(); const of_unichar_t *unicodeString = [self unicodeString]; memcpy(buffer, unicodeString + range.location, range.length * sizeof(of_unichar_t)); objc_autoreleasePoolPop(pool); } - (of_range_t)rangeOfString: (OFString*)string options: (of_string_search_options_t)options range: (of_range_t)range { const char *cString = [string UTF8String]; size_t i, cStringLength = [string UTF8StringLength]; | > > > > | > > > > | | | | | < | | | | | 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 | - (void)getCharacters: (of_unichar_t*)buffer inRange: (of_range_t)range { /* TODO: Could be slightly optimized */ void *pool = objc_autoreleasePoolPush(); const of_unichar_t *unicodeString = [self unicodeString]; if (range.length > SIZE_MAX - range.location || range.location + range.length > s->length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; memcpy(buffer, unicodeString + range.location, range.length * sizeof(of_unichar_t)); objc_autoreleasePoolPop(pool); } - (of_range_t)rangeOfString: (OFString*)string options: (of_string_search_options_t)options range: (of_range_t)range { const char *cString = [string UTF8String]; size_t i, cStringLength = [string UTF8StringLength]; size_t rangeLocation, rangeLength; if (range.length > SIZE_MAX - range.location || range.location + range.length > s->length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; if (s->isUTF8) { rangeLocation = of_string_utf8_get_position( s->cString, range.location, s->cStringLength); rangeLength = of_string_utf8_get_position( s->cString + rangeLocation, range.length, s->cStringLength - rangeLocation); } else { rangeLocation = range.location; rangeLength = range.length; } if (cStringLength == 0) return of_range(0, 0); if (cStringLength > rangeLength) return of_range(OF_NOT_FOUND, 0); if (options & OF_STRING_SEARCH_BACKWARDS) { for (i = rangeLength - cStringLength;; i--) { if (!memcmp(s->cString + rangeLocation + i, cString, cStringLength)) { range.location += of_string_utf8_get_index( s->cString + rangeLocation, i); range.length = [string length]; return range; } /* Did not match and we're at the last char */ if (i == 0) return of_range(OF_NOT_FOUND, 0); } } else { for (i = 0; i <= rangeLength - cStringLength; i++) { if (!memcmp(s->cString + rangeLocation + i, cString, cStringLength)) { range.location += of_string_utf8_get_index( s->cString + rangeLocation, i); range.length = [string length]; return range; } } } |
︙ | ︙ | |||
1113 1114 1115 1116 1117 1118 1119 | } - (OFString*)substringWithRange: (of_range_t)range { size_t start = range.location; size_t end = range.location + range.length; | | | 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 | } - (OFString*)substringWithRange: (of_range_t)range { size_t start = range.location; size_t end = range.location + range.length; if (range.length > SIZE_MAX - range.location || end > s->length) @throw [OFOutOfRangeException exceptionWithClass: [self class]]; if (s->isUTF8) { start = of_string_utf8_get_position(s->cString, start, s->cStringLength); end = of_string_utf8_get_position(s->cString, end, s->cStringLength); |
︙ | ︙ |