| 123456789101112131415161718192021222324252627282930313233343536 |
- From 2600d01373ce04b34f698f3887e90a35c77bda61 Mon Sep 17 00:00:00 2001
- From: labath <pavelo@centrum.sk>
- Date: Tue, 31 Jan 2017 01:31:09 +0000
- Subject: [PATCH] Fix an out-of-range error in new_graph (#356)
- The code was multiplying the index with the size of the element, and
- then adding it to the typed pointer (resulting in a double
- multiplication and an OOB access).
- Replace the buggy code with a slightly safer c++ alternative.
- ---
- src/specials.cc | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
- diff --git a/src/specials.cc b/src/specials.cc
- index ee941eb..73bd2a2 100644
- --- a/src/specials.cc
- +++ b/src/specials.cc
- @@ -519,14 +519,12 @@ void new_graph(struct text_object *obj, char *buf, int buf_max_size, double val)
- DBGP("reallocing graph from %d to %d", s->graph_allocated, s->graph_width);
- if (!s->graph) {
- /* initialize */
- - memset(graph, 0, s->graph_width * sizeof(double));
- + std::fill_n(graph, s->graph_width, 0.0);
- s->scale = 100;
- } else {
- if (s->graph_width > s->graph_allocated) {
- /* initialize the new region */
- - memset(graph + (s->graph_allocated * sizeof(double)), 0,
- - (s->graph_width - s->graph_allocated) *
- - sizeof(double));
- + std::fill(graph + s->graph_allocated, graph + s->graph_width, 0.0);
- }
- }
- s->graph = graph;
|
