Merge pull request #11240 from jdgleaver/string_list-safety

(string_list) Add checks to prevent undefined behaviour
2020-08-25 16:59:22 +02:00 · 2020-08-25 16:59:22 +02:00 · ed6f32fd80
parent 79c8a94857 179e77c8b0
commit ed6f32fd80
2 changed files with 24 additions and 2 deletions
--- a/libretro-common/include/string/stdstring.h
+++ b/libretro-common/include/string/stdstring.h
@ -70,7 +70,18 @@ static INLINE bool string_ends_with(const char *str, const char *suffix)
   return string_ends_with_size(str, suffix, strlen(str), strlen(suffix));
 }

-
+/* Returns the length of 'str' (c.f. strlen()), but only
+ * checks the first 'size' characters
+ * - If 'str' is NULL, returns 0
+ * - If 'str' is not NULL and no '\0' character is found
+ *   in the first 'size' characters, returns 'size' */
+static INLINE size_t strlen_size(const char *str, size_t size)
+{
+   size_t i = 0;
+   if (str)
+      for(; (i < size) && str[i]; ++i);
+   return i;
+}

 #define STRLEN_CONST(x)                   ((sizeof((x))-1))

--- a/libretro-common/lists/string_list.c
+++ b/libretro-common/lists/string_list.c
@ -245,7 +245,18 @@ void string_list_set(struct string_list *list,
 void string_list_join_concat(char *buffer, size_t size,
      const struct string_list *list, const char *delim)
 {
-   size_t i, len = strlen(buffer);
+   size_t i;
+   size_t len = strlen_size(buffer, size);
+
+   /* If buffer is already 'full', nothing
+    * further can be added
+    * > This condition will also be triggered
+    *   if buffer is not NUL-terminated,
+    *   in which case any attempt to increment
+    *   buffer or decrement size would lead to
+    *   undefined behaviour */
+   if (len >= size)
+      return;

   buffer += len;
   size   -= len;