noisymime
/
ArduinoCore-avr
mirror of https://github.com/noisymime/ArduinoCore-avr.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix off-by-one in String::substring 

When checking the `left` argument, it previously allowed having
left == len. However, this means the substring starts one past the last
character in the string and should return the empty string. In practice,
this already worked correctly, because buffer[len] contains the trailing
nul, so it would (re)assign the empty string to `out`.

However, fixing this check makes it a bit more logical, and prevents a
fairly unlikely out-of-buffer write (to address 0x0) when calling
substring on an invalidated String:

	String bar = (char*)NULL;
	bar.substring(0, 0);
This commit is contained in:
Matthijs Kooijman 2014-04-24 22:57:27 +02:00
parent 35a84769d4
commit fde95cf5b5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cores/arduino/WString.cpp
View File

@ -619,7 +619,7 @@ String String::substring(unsigned int left, unsigned int right) const
left = temp;
}
String out;
if (left > len) return out;
if (left >= len) return out;
if (right > len) right = len;
char temp = buffer[right]; // save the replaced character
buffer[right] = '\0';