Fix buffer overflow on multiline restricted with unterminated quote and multiple empty lines (#41)

2025-12-14 21:59:55 +01:00 · 2024-03-01 15:46:34 +01:00
parent 27bd60b5ce
commit df2beab6c3
4 changed files with 44 additions and 31 deletions
--- a/include/ss/converter.hpp
+++ b/include/ss/converter.hpp
@@ -269,6 +269,7 @@ private:

    void handle_error_multiline_limit_reached() {
        constexpr static auto error_msg = "multiline limit reached";
+        splitter_.unterminated_quote_ = false;

        if constexpr (string_error) {
            error_.clear();
--- a/include/ss/parser.hpp
+++ b/include/ss/parser.hpp
@@ -789,7 +789,8 @@ private:
                    }

                    if (!append_next_line_to_buffer(next_line_buffer_,
-                                                    next_line_size_)) {
+                                                    next_line_size_,
+                                                    next_line_buffer_size_)) {
                        next_line_converter_.handle_error_unterminated_escape();
                        return;
                    }
@@ -807,7 +808,8 @@ private:
                    }

                    if (!append_next_line_to_buffer(next_line_buffer_,
-                                                    next_line_size_)) {
+                                                    next_line_size_,
+                                                    next_line_buffer_size_)) {
                        next_line_converter_.handle_error_unterminated_quote();
                        return;
                    }
@@ -818,8 +820,9 @@ private:
                                return;
                            }

-                            if (!append_next_line_to_buffer(next_line_buffer_,
-                                                            next_line_size_)) {
+                            if (!append_next_line_to_buffer(
+                                    next_line_buffer_, next_line_size_,
+                                    next_line_buffer_size_)) {
                                next_line_converter_
                                    .handle_error_unterminated_escape();
                                return;
@@ -863,13 +866,14 @@ private:
            return next_line_converter_.unterminated_quote();
        }

-        void undo_remove_eol(char* buffer, size_t& string_end) {
-            if (crlf_) {
-                std::copy_n("\r\n", 2, buffer + string_end);
-                string_end += 2;
-            } else {
-                std::copy_n("\n", 1, buffer + string_end);
-                string_end += 1;
+        void undo_remove_eol(char* buffer, size_t& line_size,
+                             size_t buffer_size) {
+            if (crlf_ && buffer_size >= line_size + 2) {
+                std::copy_n("\r\n", 2, buffer + line_size);
+                line_size += 2;
+            } else if (buffer_size > line_size) {
+                std::copy_n("\n", 1, buffer + line_size);
+                line_size += 1;
            }
        }

@@ -903,8 +907,9 @@ private:
            first_size += second_size;
        }

-        bool append_next_line_to_buffer(char*& buffer, size_t& size) {
-            undo_remove_eol(buffer, size);
+        bool append_next_line_to_buffer(char*& buffer, size_t& line_size,
+                                        size_t buffer_size) {
+            undo_remove_eol(buffer, line_size, buffer_size);

            chars_read_ = curr_char_;
            auto [next_ssize, eof] =
@@ -917,8 +922,8 @@ private:

            ++line_number_;
            size_t next_size = remove_eol(helper_buffer_, next_ssize);
-            realloc_concat(buffer, size, next_line_buffer_size_, helper_buffer_,
-                           next_size);
+            realloc_concat(buffer, line_size, next_line_buffer_size_,
+                           helper_buffer_, next_size);
            return true;
        }