From db0f5847ea8b96b3c1ac08e7aeb43d83daacb8e4 Mon Sep 17 00:00:00 2001 From: Josh Bell Date: Sat, 16 Feb 2008 00:57:46 +0000 Subject: svn merge -r 80024:80160 svn+ssh://svn.lindenlab.com/svn/linden/branches/Branch_1-19-1-Server Port fixes for: * DEV-10609 Checkboxes in About Land untick when selected * Extend the sim node regex to support sim1-telstra.durga.lindenlab.com for colo testing. * Provide "version_valid" for each version when querying a channel * Update to latest eventlet r87, to handle multi-character terminators split across read buffers * DEV-10487 Log viewer stats sim and php fix * QAR-288: Pull in crash fixes from LSL bytecode parsing --- indra/lscript/lscript_byteconvert.h | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) (limited to 'indra/lscript/lscript_byteconvert.h')
diff --git a/indra/lscript/lscript_byteconvert.h b/indra/lscript/lscript_byteconvert.h
index 923b2b402d..d0a5d574d0 100644
--- a/indra/lscript/lscript_byteconvert.h
+++ b/indra/lscript/lscript_byteconvert.h
@@ -162,10 +162,16 @@ inline void bytestream_int2float(U8 *stream, S32 &offset)
 float2bytestream(stream, offset, fpvalue);
 }
-inline void bytestream2char(char *buffer, const U8 *stream, S32 &offset)
+// Returns true on success, return false and clip copy on buffer overflow
+inline bool bytestream2char(char *buffer, const U8 *stream, S32 &offset, S32 buffsize)
 {
- while ((*buffer++ = *(stream + offset++)))
- ;
+ S32 source_len = strlen( (const char *)stream+offset );
+ strncpy( buffer, (const char *)stream+offset, buffsize-1 );
+ buffer[buffsize-1] = 0;
+
+ offset += source_len + 1; // advance past source string, include terminating '\0'
+
+ return source_len < buffsize;
 }
 inline void char2bytestream(U8 *stream, S32 &offset, const char *buffer)
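Review bot: The new `bytestream2char` does not handle `buffsize <= 0`: with `buffsize == 0`, `buffer[buffsize-1] = 0;` writes one byte before the destination, and the `buffsize-1` passed to `strncpy` converts to a huge unsigned count. A guard at the top such as `if (buffsize <= 0) return false;` would close that, though whether `offset` should still be advanced in that case is a decision for the author. Separately, `strlen` on `stream+offset` is bounded only by a terminator being present in the stream, as the old loop was, because the function takes no stream length. The new `bool` result also only helps if the call sites, which are not visible in this hunk, actually check it.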
@@ -1065,11 +1071,30 @@ inline void safe_instruction_float2bytestream(U8 *stream, S32 &offset, F32 value
 }
 }
-inline void safe_instruction_bytestream2char(char *buffer, U8 *stream, S32 &offset)
+inline void safe_instruction_bytestream2char(char *buffer, U8 *stream, S32 &offset, S32 buffsize)
 {
- while ( (safe_instruction_check_address(stream, offset, 1))
+ bool safe;
+ while ( (safe = safe_instruction_check_address(stream, offset, 1))
+ && buffsize--
 &&(*buffer++ = *(stream + offset++)))
 ;
+
+ // Return if it ended in a null (success) or if script error handling is taking over
+ if( !safe || (0 == *(buffer-1)) )
+ {
+ return; // Yep. Success.
+ }
+
+ // Defensive mode. We copied at least one char and ran out of space before
+ // null termination. Add the terminator...
+ *(buffer-1) = 0;
+
+ // ...and advance offset past the end of the data as if we copied the rest. If we
+ // violate the safety check, script error handling will protect us. No need to
+ // keep advancing.
+ while( safe_instruction_check_address(stream, offset, 1)
+ && *( stream + offset++ ) )
+ ;
 }
 inline void safe_instruction_bytestream_count_char(U8 *stream, S32 &offset)
-- cgit v1.3
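Review bot: The post-loop check in `safe_instruction_bytestream2char` dereferences `*(buffer-1)` even when nothing was copied. If `buffsize` is 0 on entry, the loop exits on `buffsize--` before the first store, so that read, and possibly the `*(buffer-1) = 0;` write, land one byte before the caller's buffer. A negative `buffsize` makes `buffsize--` truthy, so the copy is effectively unbounded. The comment "We copied at least one char" holds only for `buffsize >= 1`; I would enforce that before the loop, for example `if (buffsize <= 0) return;`, or jump straight to the offset-advancing loop if callers rely on `offset` moving past the string. It is also worth a comment that on the `!safe` return the destination is left without a terminator, so callers must not read it as a C string.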