diff --git a/ChangeLog b/ChangeLog
index daa9bab64..482dae579 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-06-01 Richard Frith-Macdonald
+
+ * Source/Additions/Unicode.m: Fix buffer overrun.
+ * Source/GSString.m: Fix uninitialised variable.
+ Cure for bug #42483
+
 2014-05-28 Manuel Guesdon * Source/NSUndoManager.m Assert sig is not null in registerUndoWithTarget:selector:object:
diff --git a/Source/Additions/Unicode.m b/Source/Additions/Unicode.m
index ba1350f23..5dafa0ead 100644
--- a/Source/Additions/Unicode.m
+++ b/Source/Additions/Unicode.m
@@ -2068,9 +2068,9 @@ bases: uint8_t *tmp;
 #if GS_WITH_GC
- tmp = NSAllocateCollectable(slen, 0);
+ tmp = NSAllocateCollectable(slen + extra, 0);
 #else
- tmp = NSZoneMalloc(zone, slen);
+ tmp = NSZoneMalloc(zone, slen + extra);
 if (ptr != buf && ptr != *dst) { NSZoneFree(zone, ptr);
diff --git a/Source/GSString.m b/Source/GSString.m
index 18d9c44e0..d18099262 100644
--- a/Source/GSString.m
+++ b/Source/GSString.m
@@ -1806,7 +1806,7 @@ compare_u(GSStr self, NSString *aString, unsigned mask, NSRange aRange)
 static inline const char* cString_c(GSStr self, NSStringEncoding enc) {
- unsigned char *r;
+ unsigned char *r = 0;
 if (self->_count == 0) {
diff --git a/Tests/base/NSString/test00.m b/Tests/base/NSString/test00.m
index 1c0c3a9b0..bd866b6fe 100644
--- a/Tests/base/NSString/test00.m
+++ b/Tests/base/NSString/test00.m
@@ -256,8 +256,20 @@ int main()
 NSAutoreleasePool *arp = [NSAutoreleasePool new];
 NSString *str;
 NSString *sub;
- char buf[10];
+ const char *ptr;
+ char buf[10];
+ str = @"a";
+ while ([str length] < 30000)
+ {
+ str = [str stringByAppendingString: str];
+ }
+ if (0 == [str length] % 2)
+ {
+ str = [str stringByAppendingString: @"x"];
+ }
+ ptr = [str cStringUsingEncoding: NSASCIIStringEncoding];
+
 PASS_EXCEPTION([NSString stringWithUTF8String: 0], NSInvalidArgumentException, "stringWithUTF8String raises for NULL");
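Review bot: The corrected size `slen + extra` is written out separately in the `NSAllocateCollectable` and `NSZoneMalloc` branches, with no comment saying what `extra` reserves and no visible guard against the sum wrapping. The overrun presumably came from the allocation not matching what is later written into `tmp`, so a comment above the `#if` such as `/* slen bytes of data plus 'extra' bytes written after them */` would tie the two sizes together for the next editor. It is also worth confirming that `slen + extra` cannot overflow for very long inputs and that a failed allocation is handled before `tmp` is used. The declarations of `slen` and `extra` and the rest of the function lie outside this hunk, so both points need checking against the full source.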
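Review bot: Initialising `r` to 0 in `cString_c` makes the formerly uninitialised read well-defined, but it presumably also means the function can now yield a null pointer on whichever path never assigns `r`, and nothing at the declaration says so. I would write it as `unsigned char *r = NULL;  /* stays NULL if no branch below assigns it */` and confirm that callers tolerate a NULL result rather than dereferencing it. The path that leaves `r` unassigned is not visible here, since the function body continues past the end of the hunk.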
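Review bot: The new regression code in `main()` assigns `ptr` from `cStringUsingEncoding:` but never checks it, so the test can only fail by crashing or under a memory checker, and `ptr` is otherwise an unused variable. An explicit assertion would make the fix observable, for example `PASS(ptr != 0 && strlen(ptr) == [str length], "long odd-length string converts to a C string");`, assuming the `PASS` macro from the same test header and `<string.h>` are available in this file. A short comment on why the string must exceed 30000 characters and have odd length (presumably the shape that triggered bug #42483) would keep the case from being simplified away later. The remainder of `main()` is outside the hunk.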