[Valgrind] Fix buffer overrun in MCU_sttrtor8()

peter-b · peter-b · commit 00a52eb5097b · 2016-10-03T21:43:25.000+01:00
The char buffer passed to `MCU_strtor8()` is not guaranteed to be
nul-terminated, which means that `strnlen` rather than `strlen` must
be used if you want measure the length of the string in the buffer.

Fixing this exposed a bug whereby the length `l` and string pointer
`sptr` locals were not being reset after failing to parse an integer
from the buffer.
diff --git a/libfoundation/src/foundation-typeconvert.cpp b/libfoundation/src/foundation-typeconvert.cpp
@@ -164,7 +164,8 @@ static real64_t MCU_strtor8(const char *&r_str, uindex_t &r_len, int8_t p_delim,
         r_done = done;
         return i;
     }
-    l = MCMin(R8L - 1U, strlen(sptr));
+    sptr = r_str;
+    l = MCMin(R8L - 1U, strnlen(sptr, r_len));
     MCU_skip_spaces(sptr, l);
     // bugs in MSL means we need to check these things
     // MW-2006-04-21: [[ Purify ]] This was incorrect - we need to ensure l > 1 before running most
