diff options
author | Manu <manu-silicon@users.noreply.github.com> | 2016-02-17 09:48:16 +0900 |
---|---|---|
committer | Manu <manu-silicon@users.noreply.github.com> | 2016-02-17 14:35:02 +0900 |
commit | 153e0bb1bbd1724dc8e2b1e9faf52d82c22f8815 (patch) | |
tree | 99aea445f8b4b3c996fd4c20b40b33edde0b6dad /src/ildasm | |
parent | f7eebaa2c75ec211faf322445b1b1fc6b96b72b2 (diff) | |
download | coreclr-153e0bb1bbd1724dc8e2b1e9faf52d82c22f8815.tar.gz coreclr-153e0bb1bbd1724dc8e2b1e9faf52d82c22f8815.tar.bz2 coreclr-153e0bb1bbd1724dc8e2b1e9faf52d82c22f8815.zip |
Fix invalid usage of pointer and SZSTRING_REMAINING_SIZE macro
When manipulating strings, the string destination buffer and the argument
of SZSTRING_REMAINING_SIZE should be the same otherwise buffer
overflows will occur.
Changed DumpHexbytes to start from the provided pointer and not finding
out how much was printed so far in the szString buffer.
Diffstat (limited to 'src/ildasm')
-rw-r--r-- | src/ildasm/dasm.cpp | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/ildasm/dasm.cpp b/src/ildasm/dasm.cpp index 634af2b987..bb5f5e507b 100644 --- a/src/ildasm/dasm.cpp +++ b/src/ildasm/dasm.cpp @@ -2560,7 +2560,7 @@ void DumpCustomAttributeProps(mdToken tkCA, mdToken tkType, mdToken tkOwner, BYT break; default : - strcat_s(szString, SZSTRING_REMAINING_SIZE(szptr),ERRORMSG("UNKNOWN_OWNER")); + strcat_s(szptr, SZSTRING_REMAINING_SIZE(szptr),ERRORMSG("UNKNOWN_OWNER")); break; } szptr = &szString[strlen(szString)]; @@ -4352,7 +4352,7 @@ BOOL DumpProp(mdToken FuncToken, const char *pszClassName, DWORD dwClassAttrs, v if(DumpBody) { pch = szptr+1; - strcpy_s(pch,SZSTRING_REMAINING_SIZE(szptr),ProperName((char*)psz)); + strcpy_s(pch,SZSTRING_REMAINING_SIZE(pch),ProperName((char*)psz)); } qbMemberSig.Shrink(0); PrettyPrintMethodSig(szString, &uStringLen, &qbMemberSig, pComSig, cComSig, @@ -6509,10 +6509,9 @@ void DumpStatistics(IMAGE_COR20_HEADER *CORHeader, void* GUICookie) #pragma warning(pop) #endif -void DumpHexbytes(__inout __nullterminated char* szString,BYTE *pb, DWORD fromPtr, DWORD toPtr, DWORD limPtr) +void DumpHexbytes(__inout __nullterminated char* szptr,BYTE *pb, DWORD fromPtr, DWORD toPtr, DWORD limPtr) { char sz[256]; - char* szptr = &szString[strlen(szString)]; int k = 0,i; DWORD curPtr = 0; bool printsz = FALSE; @@ -7877,12 +7876,13 @@ DoneInitialization: { // initialized data szptr+=sprintf_s(szptr,SZSTRING_REMAINING_SIZE(szptr),"%s%8.8X = %s (",szTls,fromPtr,KEYWORD("bytearray")); printLine(g_pFile,szString); - sprintf_s(szString,SZSTRING_REMAINING_SIZE(szptr),"%s ",g_szAsmCodeIndent); + szptr = szString; + szptr+=sprintf_s(szptr,SZSTRING_SIZE,"%s ",g_szAsmCodeIndent); pb = g_pPELoader->base() + VAL32(pSecHdr->PointerToRawData) + fromPtr - VAL32(pSecHdr->VirtualAddress); // now fromPtr is the beginning of the BLOB, and toPtr is [exclusive] end of it - DumpHexbytes(szString, pb, fromPtr, toPtr, limPtr); + DumpHexbytes(szptr, pb, fromPtr, toPtr, limPtr); } // to preserve alignment, dump filler if any if(limPtr == toPtr) // don't need filler if it's the last item in section |