From 9544f1c9611a50bbd2621bb1a4471cb62d2baaa1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9a=20Saviot?=
Date: Thu, 13 Feb 2020 15:12:11 +0100
Subject: [PATCH] [apps/eschr] Don't copy an expr when editing it, if it is too long

Scenario: Create a new sequence which is the multiplication of a lot of imaginary i. Save it (many multiplication sign are added), then try to edit it again, in linear edition mode: the text overflows the buffer. If we still copied it, it might get copied until the middle of a code point, which would make the UTF8Decoder crash afterwards.

---
 apps/shared/expression_model.cpp | 6 +++++-
 escher/src/text_field.cpp        | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/apps/shared/expression_model.cpp b/apps/shared/expression_model.cpp
index 73ba0a61e..c67d399b7 100644
--- a/apps/shared/expression_model.cpp
+++ b/apps/shared/expression_model.cpp
@@ -33,7 +33,11 @@ void ExpressionModel::text(const Storage::Record * record, char * buffer, size_t
   if (symbol != 0) {
     e = e.replaceSymbolWithExpression(Symbol::Builder(UCodePointUnknown), Symbol::Builder(symbol));
   }
-  e.serialize(buffer, bufferSize);
+  int serializedSize = e.serialize(buffer, bufferSize);
+  if (serializedSize >= bufferSize - 1) {
+    // It is very likely that the buffer is overflowed
+    buffer[0] = 0;
+  }
 }
 
 bool ExpressionModel::isCircularlyDefined(const Storage::Record * record, Poincare::Context * context) const {
diff --git a/escher/src/text_field.cpp b/escher/src/text_field.cpp
index de6e293e2..afa95ce45 100644
--- a/escher/src/text_field.cpp
+++ b/escher/src/text_field.cpp
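Review bot: The new guard `if (serializedSize >= bufferSize - 1)` compares a signed `int` with what the hunk header suggests is a `size_t` parameter, so `serializedSize` is converted to unsigned before the comparison; if `serialize` can ever report failure with a negative value the check still fires (fail-safe by accident), but the intent is explicit and -Wsign-compare stays quiet with `if (serializedSize < 0 || static_cast<size_t>(serializedSize) >= bufferSize - 1)`. Whether `serialize` returns the number of bytes written or the number it would have needed is not visible here, and that decides whether this is an exact truncation test or a heuristic that also discards an expression fitting exactly in `bufferSize - 1` bytes; a comment such as `// Serialization filled the buffer: treat it as truncated (possibly mid code point) and hand back an empty string` would record the decision for the next reader. The same empty-string fallback `buffer[0] = 0;` is repeated in the text_field.cpp hunk. The body of `ExpressionModel::text` begins before this hunk.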
@@ -78,6 +78,12 @@ void TextField::ContentView::setText(const char * text) {
     maxBufferSize = m_draftTextBufferSize;
     buffer = s_draftTextBuffer;
   }
+  if (textRealLength > maxBufferSize - 1) {
+    // The text was too long to be copied
+    // TODO Maybe add a warning for the user?
+    buffer[0] = 0;
+    return;
+  }
   int textLength = minInt(textRealLength, maxBufferSize - 1);
   // Copy the text
   strlcpy(buffer, text, maxBufferSize);
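Review bot: The early `return` leaves `setText` before whatever follows this hunk, so any cursor-position or text-length bookkeeping the rest of the function performs (not visible here) is skipped while the buffer has just been emptied; if such state exists it should be reset on this path as well, or the clear should go through the same routine the rest of the function uses. With the guard in place, `int textLength = minInt(textRealLength, maxBufferSize - 1);` can never clamp anymore, so `int textLength = textRealLength;` states the invariant directly and leaves `strlcpy(buffer, text, maxBufferSize)` as the only bound that still matters. The `// TODO Maybe add a warning for the user?` would be more useful as a statement of the current behavior, e.g. `// The text is dropped silently: the caller sees an empty field and no error`. The body of `TextField::ContentView::setText` starts before this hunk and continues past it.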