• src/xpdev/str_list.c

    From rswindell@VERT to CVS commit on Wednesday, February 13, 2019 23:48:25
    src/xpdev str_list.c 1.52 1.53
    Update of /cvsroot/sbbs/src/xpdev
    In directory cvs:/tmp/cvs-serv31705

    Modified Files:
    str_list.c
    Log Message:
    Fix potential for heap corruption in (new function) strListModifyEach():
    If the modify callback function returned a pointer *within* the list item's allocated buffer, the strcpy() would copy from potentialy free'd memory as realloc may change the location of the heap buffer when resizing.
    Fixed by allocating a copy of the returned pointer before freeing the original list item buffer and then just assign the allocated pointer (no copying needed). This likely will result in more heap fragmentation for modified list items are now newly-allocated buffers rather than reallocated existing buffers but the other option would have been to allocate a temporary copy of the string before reallocating and then copying and that would've been a lot more overhead than with this approach.

    This likely fixes any crashes seen in recent revs of v3.17c (e.g. when
    imported QWK or REP packets and text/*.can and the twitlist.cfg are parsed). The sighting on Vertrauen was only in the Windows build and appeared when importing QWK/REP packets.



    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net