Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2025-03-03 19:59:09 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix off-by-one in r_str_replace

Browse Source
This commit is contained in:
pancake 2013-10-26 23:53:50 +02:00
parent c99497170b
commit f2ce3f277b
1 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
libr/util/str.c
View File

@ -601,33 +601,37 @@ R_API void *r_str_free(void *ptr) {
}
R_API char* r_str_replace(char *str, const char *key, const char *val, int g) {
int off, i;
int klen = strlen (key);
int vlen = strlen (val);
int slen = strlen (str);
char *new, *old, *p = str;
int off, i, klen, vlen, slen;
char *newstr, *scnd, *p = str;
if (!str || !key || !val) return NULL;
klen = strlen (key);
vlen = strlen (val);
slen = strlen (str);
for (i = 0; i < slen; ) {
if ((i+vlen)>slen)
break;
p = (char *)r_mem_mem (
(const ut8*)str + i, slen - i,
(const ut8*)key, klen);
if (!p) break; // || !p[klen]) break;
old = strdup (p+klen);
slen += (vlen-klen) + 1;
if (!p) break;
off = (int)(size_t)(p-str);
new = realloc (str, slen);
if (!new) {
scnd = strdup (p+klen);
slen += vlen - klen + 1;
newstr = realloc (str, slen+1);
if (!newstr) {
eprintf ("realloc fail\n");
free (str);
free (old);
free (scnd);
str = NULL;
break;
}
str = new;
str = newstr;
p = str+off;
memcpy (p, val, vlen);
memcpy (p+vlen, old, strlen (old)+1);
memcpy (p+vlen, scnd, strlen (scnd)+1);
i = off+vlen;
free (old);
free (scnd);
if (!g) break;
}
return str;