mirror of https://github.com/TerryCavanagh/VVVVVV.git synced 2024-12-23 10:09:43 +01:00

Fix out-of-bounds indexing with malformed XML entities in find_tag()

find_tag() would index out of bounds if someone made a level file with
malformed XML entity encodings in the metadata tags.

This would happen if the end of the string followed immediately after an
ampersand and hash, or if there wasn't a semicolon ending an XML entity.

Valgrind complains about these, so I've fixed it.
Misa 2021-02-11 16:07:25 -08:00 committed by Ethan Lee
parent 5de7c180ea
commit a2ba37a1a4


@ -146,8 +146,19 @@ std::string find_tag(const std::string& buf, const std::string& start, const std
size_t start_pos = 0; size_t start_pos = 0;
while ((start_pos = value.find("&#", start_pos)) != std::string::npos) while ((start_pos = value.find("&#", start_pos)) != std::string::npos)
{ {
if (start_pos + 2 >= value.length())
{
return "";
}
bool hex = value[start_pos + 2] == 'x'; bool hex = value[start_pos + 2] == 'x';
size_t end = value.find(';', start_pos); size_t end = value.find(';', start_pos);
if (end == std::string::npos)
{
return "";
}
size_t real_start = start_pos + 2 + ((int) hex); size_t real_start = start_pos + 2 + ((int) hex);
std::string number(value.substr(real_start, end - real_start)); std::string number(value.substr(real_start, end - real_start));