aboutsummaryrefslogtreecommitdiff
path: root/firmwares/atmegaxxu2/arduino-usbserial/Arduino-usbserial.c
diff options
context:
space:
mode:
authorMatthijs Kooijman <matthijs@stdin.nl>2014-03-16 11:26:30 +0100
committerMatthijs Kooijman <matthijs@stdin.nl>2014-09-10 12:33:25 +0200
commitb2729a515607f1b0108d38b816430797f558c57f (patch)
treef0ad7abb905c7f887082d1f68b3a79b21c6f374b /firmwares/atmegaxxu2/arduino-usbserial/Arduino-usbserial.c
parentdfb0dee773bb7e9f44348ca518292435e9148eba (diff)
Fix bounds check in String::remove()
Previously, if you passed in a very big index and/or count, the `index + count` could overflow, making the count be used as-is instead of being truncated (causing the string to be updated wrongly and potentially writing to arbitrary memory locations). We can rewrite the comparison to use `len - index` instead. Since we know that index < len, we are sure this subtraction does not overflow, regardless of what values of index and count we pass in. As an added bonus, the `len - index` value already needed be calculated inside the if, so this saves a few instructions in the generated code. To illustrate this problem, consider this code: String foo = "foo"; Serial.println(foo.length()); // Prints 3 foo.remove(1, 65535); // Should remove all but first character Serial.println(foo.length()); // Prints 4 without this patch Not shown in this is example is that some arbitrary memory is written as well.
Diffstat (limited to 'firmwares/atmegaxxu2/arduino-usbserial/Arduino-usbserial.c')
0 files changed, 0 insertions, 0 deletions