Aren/haiku
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

STXTTranslator: Fix use-after-free of encoding name.

Browse Source 
The name retrieved from GetName() on BTextEncoding is owned by that
instance which goes out of scope when identify_text() returns. A const
char pointer to it can therefore not be used as an output variable. Use
a BString instead which ensures an appropriate reference is acquired.

Change-Id: Ib87fc9879d29e927bb41d1a9165ca7599b74a3bf
Reviewed-on: https://review.haiku-os.org/c/haiku/+/3115
Reviewed-by: waddlesplash <waddlesplash@gmail.com>
This commit is contained in:
Michael Lotz 2020-08-01 00:40:26 +02:00 committed by waddlesplash
parent 75b8b6863a
commit 6199db56e1
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/add-ons/translators/stxt/STXTTranslator.cpp
View File

@ -222,7 +222,7 @@ identify_stxt_header(const TranslatorStyledTextStreamHeader &header,
*/
status_t
identify_text(uint8* data, int32 bytesRead, BPositionIO* source,
translator_info* outInfo, uint32 outType, const char*& encoding)
translator_info* outInfo, uint32 outType, BString& encoding)
{
ssize_t readLater = source->Read(data + bytesRead, DATA_BUFFER_SIZE - bytesRead);
if (readLater < B_OK)
@ -232,7 +232,7 @@ identify_text(uint8* data, int32 bytesRead, BPositionIO* source,
BPrivate::BTextEncoding textEncoding((char*)data, (size_t)bytesRead);
encoding = textEncoding.GetName();
if (strlen(encoding) == 0) {
if (encoding.IsEmpty()) {
/* No valid character encoding found! */
return B_NO_TRANSLATOR;
}
@ -474,7 +474,7 @@ output_styles(BPositionIO *outDestination, uint32 text_size,
styled text in outDestination
*/
status_t
translate_from_text(BPositionIO* source, const char* outEncoding, bool forceEncoding,
translate_from_text(BPositionIO* source, BString encoding, bool forceEncoding,
BPositionIO* destination, uint32 outType)
{
if (outType != B_TRANSLATOR_TEXT && outType != B_STYLED_TEXT_FORMAT)
@ -523,7 +523,6 @@ translate_from_text(BPositionIO* source, const char* outEncoding, bool forceEnco
} encodingBuffer;
BNode* node = dynamic_cast<BNode*>(source);
BString encoding(outEncoding);
if (node != NULL) {
// determine encoding, if available
bool hasAttribute = false;
@ -731,7 +730,7 @@ STXTTranslator::Identify(BPositionIO *inSource,
}
// if the data is not styled text, check if it is plain text
const char* encoding;
BString encoding;
return identify_text(buffer, nread, inSource, outInfo, outType, encoding);
}
@ -779,7 +778,7 @@ STXTTranslator::Translate(BPositionIO* source, const translator_info* info,
// if the data is not styled text, check if it is ASCII text
bool forceEncoding = false;
const char* encoding = NULL;
BString encoding;
result = identify_text(buffer, bytesRead, source, &outInfo, outType, encoding);
if (result != B_OK)
return result;