From 61b8cac2b3a3ef7b1898d96c33b8c593b8c51656 Mon Sep 17 00:00:00 2001
From: Stojan Dimitrovski
Date: Sun, 12 Jan 2020 00:26:36 +0100
Subject: [PATCH] Fix pointer decoding issue
---
 src-input/duk_bi_json.c | 4 ++--
 src-input/duk_util_misc.c | 22 ++++++++++------------
 2 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/src-input/duk_bi_json.c b/src-input/duk_bi_json.c
index e0410bf3f3..364a1c3446 100644
--- a/src-input/duk_bi_json.c
+++ b/src-input/duk_bi_json.c
@@ -568,10 +568,10 @@ DUK_LOCAL void duk__dec_pointer(duk_json_dec_ctx *js_ctx) {
 voidptr = NULL;
- if (encsz > 0 && encsz <= sizeof(pcpy)) {
+ if (encsz > 1 && encsz <= sizeof(pcpy)) {
 duk_memzero(pcpy, sizeof(pcpy));
 duk_memcpy(pcpy, p, encsz);
- pcpy[encsz] = 0; /* copied ')' change to NUL */
+ pcpy[encsz - 1] = 0; /* copied ')' change to NUL */
 duk_decode_pointer_cstr(pcpy, encsz, &voidptr);
 }
diff --git a/src-input/duk_util_misc.c b/src-input/duk_util_misc.c
index 3b1f59581c..0907bf5b0c 100644
--- a/src-input/duk_util_misc.c
+++ b/src-input/duk_util_misc.c
@@ -197,24 +197,20 @@ DUK_INTERNAL duk_size_t duk_encode_pointer_cstr(char* buf, duk_size_t sz, void*
 duk_memzero(buf, sz);
- if (sz < 2 * sizeof(ptraccess.bytes) + 1) {
+ if (sz < 2 * sizeof(void*) + 1) {
 return 0;
 }
- for (i = 0; i < sz; i++) {
- buf[i] = 0;
- }
-
 ptraccess.ptr = ptr;
- for (i = 0; i < sizeof(ptraccess.bytes); i++) {
+ for (i = 0; i < sizeof(void*); i++) {
 buf[2 * i + 0] = hex[(ptraccess.bytes[i] >> 4) & 0xF];
 buf[2 * i + 1] = hex[(ptraccess.bytes[i] >> 0) & 0xF];
 }
- return 2 * sizeof(ptraccess.bytes);
+ return 2 * sizeof(void*);
 #else
- int compsize = DUK_SNPRINTF(buf, sz, "%p", ptr);
+ int compsize = DUK_SNPRINTF(buf, sz, DUK_STR_FMT_PTR, ptr);
 if (compsize > 0 && ((duk_size_t) compsize) < sz) {
 return (duk_size_t) compsize;
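Review bot: The terminator now sits at `pcpy[encsz - 1]`, but the call still passes `encsz`, and the guard in `duk_decode_pointer_cstr` (duk_util_misc.c, hunk at -235) tests `buf[sz]`, which is `pcpy[encsz]`. When `encsz == sizeof(pcpy)`, which the `encsz <= sizeof(pcpy)` condition allows, that looks like a one-byte read past the array on a length taken from the JSON text; for smaller values the check passes only because of the preceding `duk_memzero`. Caller and decoder should agree on what `sz` counts, for example by testing the byte the caller actually sets, `if (sz < 2 * sizeof(void*) + 1 || 0 != buf[sz - 1]) {`, with a comment on the decoder saying that `sz` includes the NUL. The declaration of `pcpy` and the rest of `duk__dec_pointer` are outside the hunk, so the array size is not confirmed here.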
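Review bot: The encode loop still reads `ptraccess.bytes[i]` but is now bounded by `sizeof(void*)`, so the bound is no longer tied to the array being indexed; the same substitution appears in the decode hunks at -235 and -251. The declaration of `ptraccess` is outside these hunks, so whether `bytes` is exactly `sizeof(void*)` long cannot be confirmed from the diff. Keeping the array-derived bound, `for (i = 0; i < sizeof(ptraccess.bytes); i++) {`, rules out an out-of-bounds access if the two sizes ever diverge. If the rewrite is intentional, a compile-time size check next to the union declaration would document the assumption.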
@@ -235,11 +231,11 @@ DUK_INTERNAL int duk_decode_pointer_cstr(const char* buf, duk_size_t sz, void**
 *ptr = NULL;
- if (sz <= 2 * sizeof(ptraccess.bytes) || 0 != buf[sz]) {
+ if (sz < 2 * sizeof(void*) + 1 || 0 != buf[sz]) {
 return 0; /* syntax error */
 }
- for (i = 0; i < 2 * sizeof(ptraccess.bytes); i++) {
+ for (i = 0; i < 2 * sizeof(void*); i++) {
 if (buf[i] >= '0' && buf[i] <= '9') {
 continue;
 }
@@ -251,18 +247,20 @@ DUK_INTERNAL int duk_decode_pointer_cstr(const char* buf, duk_size_t sz, void**
 return 0; /* syntax error */
 }
- for (i = 0; i < sizeof(ptraccess.bytes); i++) {
+ for (i = 0; i < sizeof(void*); i++) {
 a = (unsigned char) buf[2 * i + 0];
 b = (unsigned char) buf[2 * i + 1];
 if (a >= 'a') {
 a -= 'a';
+ a += 10;
 } else {
 a -= '0';
 }
 if (b >= 'a') {
 b -= 'a';
+ b += 10;
 } else {
 b -= '0';
 }
@@ -287,7 +285,7 @@ DUK_INTERNAL int duk_decode_pointer_cstr(const char* buf, duk_size_t sz, void**
 goto syntax_error;
 safe_sscanf:
- res = DUK_SSCANF(buf, "%p", ptr);
+ res = DUK_SSCANF(buf, DUK_STR_FMT_PTR, ptr);
 if (1 != res) {
 goto syntax_error;
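Review bot: The nibble conversion in the hunk at -251 is only correct for characters that the validation loop in the preceding hunk lets through: `a -= '0'` is applied to anything below `'a'`, and `a -= 'a'; a += 10;` to anything at or above it, with no range check of its own. Part of that validation loop lies between the two hunks and is not visible, so the accepted letter range cannot be confirmed from the diff. A comment above the conversion loop stating the precondition would keep a later edit from loosening the validation without touching the conversion, e.g. `/* every buf[i] was range-checked by the loop above; no re-check here */`. The function body continues outside the hunk.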