From f43eb5e71527691110e1698df15c18742e53c3ee Mon Sep 17 00:00:00 2001 From: cedric Date: Wed, 18 May 2011 15:13:18 +0000 Subject: [PATCH] edje: prevent buffer overrun when using multiple *. git-svn-id: http://svn.enlightenment.org/svn/e/trunk/edje@59510 7cbeb6ba-43b4-40fd-8cce-4c39aea84d33 --- src/lib/edje_match.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/lib/edje_match.c b/src/lib/edje_match.c index 6f134c0..bf728ca 100644 --- a/src/lib/edje_match.c +++ b/src/lib/edje_match.c @@ -35,7 +35,7 @@ static int _edje_match_states_alloc(Edje_Patterns *ppat, int n) { Edje_States *l; - + const size_t patterns_size = ppat->patterns_size; const size_t patterns_max_length = ppat->max_length; @@ -76,6 +76,7 @@ _edje_match_states_alloc(Edje_Patterns *ppat, int n) { l[i].states = (Edje_State *) states; l[i].has = (Eina_Bool *) has; + l[i].size = 0; memset(l[i].has, 0, has_size); @@ -273,6 +274,7 @@ _edje_match_patterns_exec_init_states(Edje_States *states, const char *str; \ Type *data; \ size_t j; \ + int special = 0; \ \ data = eina_list_data_get(lst); \ if (!data) \ @@ -291,14 +293,18 @@ _edje_match_patterns_exec_init_states(Edje_States *states, r->finals[i] = 0; \ for (j = 0; str[j]; ++j) \ if (str[j] != '*') \ - r->finals[i] = j + 1; \ + { \ + r->finals[i] = j + 1; \ + special++; \ + } \ + j += special ? special + 1 : 0; \ \ if (j > r->max_length) \ r->max_length = j; \ - \ + \ lst = eina_list_next(lst); \ } \ - \ + \ if (!_edje_match_states_alloc(r, 2)) \ { \ free(r); \ @@ -334,6 +340,7 @@ _edje_match_patterns_exec_init_states(Edje_States *states, { \ const char *str; \ size_t j; \ + int special = 0; \ \ if (!lst[i]) \ { \ @@ -351,7 +358,11 @@ _edje_match_patterns_exec_init_states(Edje_States *states, r->finals[i] = 0; \ for (j = 0; str[j]; ++j) \ if (str[j] != '*') \ - r->finals[i] = j + 1; \ + { \ + r->finals[i] = j + 1; \ + special++; \ + } \ + j += special ? special + 1 : 0; \ \ if (j > r->max_length) \ r->max_length = j; \ -- 2.7.4