From 1cb6a5f73d188d486c766630a77f09da624aa422 Mon Sep 17 00:00:00 2001 From: Markus Gans Date: Sun, 15 Oct 2017 23:22:13 +0200 Subject: [PATCH] FObject double free prevention of fc::empty_string --- ChangeLog | 3 +++ examples/listview.cpp | 10 +++++----- examples/treeview.cpp | 44 +++++++++++++++++++------------------------ src/fobject.cpp | 23 +++++++++++----------- src/fstring.cpp | 8 ++++---- 5 files changed, 43 insertions(+), 45 deletions(-) diff --git a/ChangeLog b/ChangeLog index 63d5f74d..c6b6cf77 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2017-10-15 Markus Gans + * FObject double free prevention of fc::empty_string + 2017-10-14 Markus Gans * Fixed a bug in the FObject check of parent objects * Replace the deprecated readdir_r function (CVE-2013-4237) diff --git a/examples/listview.cpp b/examples/listview.cpp index f14ea39f..55030362 100644 --- a/examples/listview.cpp +++ b/examples/listview.cpp @@ -182,11 +182,11 @@ void Listview::cb_showInMessagebox (FWidget* widget, data_ptr) { FListView* listView = static_cast(widget); FListViewItem* item = listView->getCurrentItem(); - FMessageBox info ( "Weather in " + item->getText(0) - , " Condition: " + item->getText(1) + "\n" - "Temperature: " + item->getText(2) + "\n" - " Humidity: " + item->getText(3) + "\n" - " Pressure: " + item->getText(4) + FMessageBox info ( "Weather in " + item->getText(1) + , " Condition: " + item->getText(2) + "\n" + "Temperature: " + item->getText(3) + "\n" + " Humidity: " + item->getText(4) + "\n" + " Pressure: " + item->getText(5) , FMessageBox::Ok, 0, 0, this ); info.show(); } diff --git a/examples/treeview.cpp b/examples/treeview.cpp index 4ece71a4..543080a4 100644 --- a/examples/treeview.cpp +++ b/examples/treeview.cpp @@ -168,25 +168,25 @@ Treeview::Treeview (FWidget* parent) static TreeItem europe[] = { - { "Austria", "8,794,267", "104.0", 0 }, - { "Belarus", "9,498,700", "45.8", 0 }, - { "Bulgaria", "7,101,859", "64.9", 0 }, - { "Czech Republic", "10,610,947", "134.0", 0 }, - { "Finland", "5,506,312", "16.0", 0 }, - { "France", "66,991,000", "103.0", 0 }, - { "Germany", "82,175,700", "227.0", 0 }, - { "Greece", "11,183,716", "82.0", 0 }, - { "Hungary", "9,797,561", "105.3", 0 }, - { "Iceland", "332,529", "3.2", 0 }, - { "Italy", "60,589,445", "201.3", 0 }, - { "Norway", "5,267,146", "15.8", 0 }, - { "Poland", "38,634,007", "123.0", 0 }, - { "Portugal", "10,309,573", "115.0", 0 }, - { "Romania", "19,638,000", "84.4", 0 }, - { "Serbia", "7,058,322", "91.1", 0 }, - { "Spain", "46,468,102", "92.0", 0 }, - { "Sweden", "10,065,389", "22.0", 0 }, - { "United Kingdom", "65,648,000", "270.7", 0 }, + { "Austria", "8,794,267", "104.0", 0 }, + { "Belarus", "9,498,700", "45.8", 0 }, + { "Bulgaria", "7,101,859", "64.9", 0 }, + { "Czech Republic", "10,610,947", "134.0", 0 }, + { "Finland", "5,506,312", "16.0", 0 }, + { "France", "66,991,000", "103.0", 0 }, + { "Germany", "82,175,700", "227.0", 0 }, + { "Greece", "11,183,716", "82.0", 0 }, + { "Hungary", "9,797,561", "105.3", 0 }, + { "Iceland", "332,529", "3.2", 0 }, + { "Italy", "60,589,445", "201.3", 0 }, + { "Norway", "5,267,146", "15.8", 0 }, + { "Poland", "38,634,007", "123.0", 0 }, + { "Portugal", "10,309,573", "115.0", 0 }, + { "Romania", "19,638,000", "84.4", 0 }, + { "Serbia", "7,058,322", "91.1", 0 }, + { "Spain", "46,468,102", "92.0", 0 }, + { "Sweden", "10,065,389", "22.0", 0 }, + { "United Kingdom", "65,648,000", "270.7", 0 }, { 0, 0, 0, 0 } }; @@ -266,12 +266,6 @@ Treeview::Treeview (FWidget* parent) continent_list++; } - FObjectIterator iter = listView->beginOfList(); - FObjectIterator iter_africa = iter++; - FListViewItem* item_africa = static_cast(*iter_africa); - item_africa->expand(); - - // Quit button Quit = new FButton (this); Quit->setGeometry(24, 16, 10, 1); diff --git a/src/fobject.cpp b/src/fobject.cpp index c4f7b69c..730654ca 100644 --- a/src/fobject.cpp +++ b/src/fobject.cpp @@ -35,13 +35,15 @@ const FString* fc::empty_string = 0; FObject::FObject (FObject* parent) : widget_object(false) , parent_obj(parent) - , children_list() // no children yet + , children_list() // no children yet , has_parent(false) { - if ( parent_obj ) // add object to parent - parent_obj->addChild(this); - - if ( parent == 0 ) + if ( parent ) // add object to parent + { + parent->addChild(this); + has_parent = true; + } + else { timer_modify_lock = false; @@ -71,17 +73,11 @@ FObject::FObject (FObject* parent) } } } - else - has_parent = true; } //---------------------------------------------------------------------- FObject::~FObject() // destructor { - if ( parent_obj ) - parent_obj->delChild(this); - - parent_obj = 0; delOwnTimer(); // delete all timers of this object if ( ! has_parent && timer_list ) @@ -110,6 +106,11 @@ FObject::~FObject() // destructor ++iter; } } + + if ( parent_obj ) + parent_obj->delChild(this); + + parent_obj = 0; } // public methods of FObject diff --git a/src/fstring.cpp b/src/fstring.cpp index f7fd611d..ead2bdd5 100644 --- a/src/fstring.cpp +++ b/src/fstring.cpp @@ -2482,13 +2482,13 @@ inline void FString::_assign (const wchar_t* s) //---------------------------------------------------------------------- inline void FString::_insert (uInt pos, uInt len, const wchar_t* s) { + if ( len == 0 ) // String s is a null or a empty string + return; + if ( ! string ) { // string is null - if ( len == 0 ) // String s is also a null string - return; - length = len; bufsize = FWDBUFFER + length + 1; @@ -2512,7 +2512,7 @@ inline void FString::_insert (uInt pos, uInt len, const wchar_t* s) if ( (length + len + 1) <= bufsize ) { // output string <= bufsize - for (x = length; x + 1 > pos; x--) // shifting right side + '\0' + for (x = length; x + 1 > pos; x--) // shifting right side + '\0' string[x + len] = string[x]; for (x = 0; x < len; x++) // insert string