From 7ca6f56a065a666fc605d2fa402a2eea14bc40c0 Mon Sep 17 00:00:00 2001 From: jackpoz Date: Sat, 28 Sep 2013 23:52:55 +0200 Subject: Tools/MapExtractor: Fix string-related memory issues Fix not-NULL terminated char buffers and char[] to string conversion. Valgrind logs: Invalid read of size 1 at 0x4C2D7D4: __GI_strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x5318BAF: std::basic_string, std::allocator >::basic_string(char const*, std::allocator const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17) by 0x409471: ReadBuild(int) (System.cpp:189) by 0x40CEC6: main (System.cpp:1108) Address 0x5f851ee is 0 bytes after a block of size 94 alloc'd at 0x4C2C037: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x40F63A: MPQFile::MPQFile(char const*) (mpq_libmpq.cpp:65) by 0x409408: ReadBuild(int) (System.cpp:182) by 0x40CEC6: main (System.cpp:1108) Invalid read of size 1 at 0x57FFCAC: strtok (strtok.S:165) by 0x40D279: MPQArchive::GetFileListTo(std::vector >&) (mpq_libmpq04.h:45) by 0x40C5CF: ExtractDBCFiles(int, bool) (System.cpp:1001) by 0x40CEF5: main (System.cpp:1110) Address 0x5f91e27 is 0 bytes after a block of size 44,391 alloc'd at 0x4C2C037: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x40D1A5: MPQArchive::GetFileListTo(std::vector >&) (mpq_libmpq04.h:30) by 0x40C5CF: ExtractDBCFiles(int, bool) (System.cpp:1001) by 0x40CEF5: main (System.cpp:1110) --- src/tools/map_extractor/System.cpp | 2 +- src/tools/map_extractor/mpq_libmpq04.h | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'src')
diff --git a/src/tools/map_extractor/System.cpp b/src/tools/map_extractor/System.cpp
index 2173dab4e1c..a44c6f00acb 100644
--- a/src/tools/map_extractor/System.cpp
+++ b/src/tools/map_extractor/System.cpp
@@ -186,7 +186,7 @@ uint32 ReadBuild(int locale) exit(1); } - std::string text = m.getPointer(); + std::string text = std::string(m.getPointer(), m.getSize()); m.close(); size_t pos = text.find("version=\""); diff --git a/src/tools/map_extractor/mpq_libmpq04.h b/src/tools/map_extractor/mpq_libmpq04.h index 4691693d80d..a4eaf1d42db 100644 --- a/src/tools/map_extractor/mpq_libmpq04.h +++ b/src/tools/map_extractor/mpq_libmpq04.h @@ -27,7 +27,8 @@ public: libmpq__off_t size, transferred; libmpq__file_unpacked_size(mpq_a, filenum, &size); - char *buffer = new char[size]; + char *buffer = new char[size+1]; + buffer[size] = '\0'; libmpq__file_read(mpq_a, filenum, (unsigned char*)buffer, size, &transferred); -- cgit v1.2.3
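Review bot: The two-argument constructor on the new `std::string text = ...` line is the right fix, but nothing in the hunk says why, and the one-argument form it replaces is exactly what the next maintainer will "simplify" back to; a comment on that line would pin it: `// Bound by getSize(): the MPQ buffer is not NUL-terminated, so strlen() overran it (see valgrind trace in commit).` The new line also assumes getPointer() is non-null whenever getSize() is non-zero; the exit(1) just above looks like the guard for that, but its condition is outside the hunk, so it is worth confirming that an unopened file cannot reach this line with a null pointer and a non-zero size. ReadBuild's body starts and ends outside this hunk.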
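Review bot: The terminator is written at `buffer[size]`, but `libmpq__file_read` reports how many bytes it actually produced in `transferred`, and neither its return value nor `transferred` is checked, so a short or failed read leaves the bytes between `transferred` and `size` uninitialized and the strtok call that the valgrind trace places later in GetFileListTo (outside this hunk) scans them before it reaches the NUL. The line above has the same gap: `libmpq__file_unpacked_size` is not checked and `size` is declared without an initializer, so on failure the allocation size is whatever was on the stack, and `size` itself comes from the archive being extracted. I would check both calls and place the terminator at the count the library returned: `if (libmpq__file_read(mpq_a, filenum, (unsigned char*)buffer, size, &transferred) != 0) { delete[] buffer; return; }` followed by `buffer[transferred] = '\0';`, after confirming in the libmpq headers what the success value is and whether `transferred` is set on failure. A `std::vector<char> buffer(size + 1)` would value-initialize every byte to NUL and free itself on the early return, but that means touching the `delete[]` and strtok lines this hunk does not show. GetFileListTo starts and ends outside this hunk.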