mirror of
https://github.com/arduino/Arduino.git
synced 2024-11-30 11:24:12 +01:00
2068f88a21
Previously, if you passed in a very big index and/or count, the `index + count` could overflow, making the count be used as-is instead of being truncated (causing the string to be updated wrongly and potentially writing to arbitrary memory locations). We can rewrite the comparison to use `len - index` instead. Since we know that index < len, we are sure this subtraction does not overflow, regardless of what values of index and count we pass in. As an added bonus, the `len - index` value already needed be calculated inside the if, so this saves a few instructions in the generated code. To illustrate this problem, consider this code: String foo = "foo"; Serial.println(foo.length()); // Prints 3 foo.remove(1, 65535); // Should remove all but first character Serial.println(foo.length()); // Prints 4 without this patch Not shown in this is example is that some arbitrary memory is written as well. |
||
|---|---|---|
| .. | ||
| bootloaders | ||
| cores/arduino | ||
| firmwares | ||
| libraries | ||
| variants | ||
| boards.txt | ||
| platform.txt | ||
| programmers.txt | ||