Bugs in string functions #91
Comments
ispacked function fix:

```pawn
stock ispacked(const string[])
{
    #emit lref.s.pri string    // pri = string[0], the first cell, read through the reference
    #emit const.alt ucharmax   // alt = ucharmax
    #emit geq                  // pri = (pri >= alt), unsigned comparison
    #emit retn
    return 0; /* make compiler happy. */
}
```
For

@VVWVV Care to make a pull request for that?
You mean for
IMHO, it's rather a design error. Of course a scripter should provide a buffer big enough to fit the resulting string, but the one who implements the function is also supposed to make sure it verifies the arguments and if it isn't prone to buffer overflow, NULL pointer dereference etc. But yeah, there's probably no point in proving my point if design errors aren't considered errors here.
Well, in pawn-3.2-plus I made

No, for regular code, adding an extra parameter default
Hello.
I recently found several bugs in string functions and fixed them in my Pawn fork, pawn-3.2-plus; I thought the info about them would be useful here as well.
ispacked()
Returns an invalid value (false) when a packed string starts with a symbol with code 128 and above (e.g. a Cyrillic symbol). Example:
Output:
strfind()
The function is prone to OOB access when the search start index is negative.
Example:
Output:
strdel()
The function is prone to OOB access when the index of the first character to remove is negative.
Example:
Output:
valstr()
The function doesn't take the buffer size into account (it doesn't have a `size` argument). Actually I'm not sure if this is even considered to be a bug in this repo; all of the above-mentioned bugs were found by close code inspection, but this one is really obvious (IMHO, one look at the `valstr()` header in `string.inc` should be pretty much enough to notice it) - and yet it's still not fixed here. Anyway, this bug should be really easy to work around by adding a `size = sizeof(dest)` argument into `FIXES_valstr()` and using it there.
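The three defects reported above, modelled in C as an added example (this is not the Pawn library's code, nor the reporter's fork): cells are 32-bit signed ints as in the Pawn VM, the 0xff "largest single char" threshold, `pack_cell`, `strfind_checked` and `valstr_sized` are my own names and simplifications for illustration, and the negative-start handling (reject with -1) is one possible fix, not necessarily the one the fork uses.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int32_t cell;   /* one 32-bit Pawn cell */

/* Pack up to four 8-bit chars into one cell, first char in the most
 * significant byte, the layout Pawn uses for packed strings. */
static cell pack_cell(const char *s, size_t n) {
    uint32_t v = 0;
    for (size_t i = 0; i < 4; i++)
        v = (v << 8) | (i < n ? (uint8_t)s[i] : 0);
    return (cell)v;
}

/* Stock-style test (modelled; 0xff is an assumed threshold): a cell holding
 * more than one char exceeds the largest single 8-bit char. The signed
 * compare fails when the first packed char is >= 0x80, because that byte
 * sets the cell's sign bit and the cell reads as negative. */
static int ispacked_signed(const cell *str)   { return str[0] > 0xff; }

/* Fixed: compare the cell as unsigned, so a high first byte still counts. */
static int ispacked_unsigned(const cell *str) { return (uint32_t)str[0] > 0xffu; }

/* strfind over an unpacked (one char per cell) string with the start index
 * validated: a negative start is rejected instead of indexing before the
 * buffer. Returns the match index or -1. */
static int strfind_checked(const cell *str, const cell *sub, int start) {
    size_t len = 0, sublen = 0;
    if (start < 0) return -1;                       /* the OOB case */
    while (str[len]) len++;
    while (sub[sublen]) sublen++;
    for (size_t i = (size_t)start; i + sublen <= len; i++)
        if (memcmp(&str[i], sub, sublen * sizeof(cell)) == 0) return (int)i;
    return -1;
}

/* valstr with the size argument the issue proposes: writes the decimal form
 * of value into dest as unpacked cells, never past size cells including the
 * terminator. Returns the number of digits written, or -1 if it won't fit. */
static int valstr_sized(cell *dest, size_t size, cell value) {
    char tmp[16];
    int n = snprintf(tmp, sizeof tmp, "%d", (int)value);
    if (n < 0 || (size_t)n + 1 > size) { if (size) dest[0] = 0; return -1; }
    for (int i = 0; i < n; i++) dest[i] = (uint8_t)tmp[i];
    dest[n] = 0;
    return n;
}
```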