From 5366d05ce266ec7db1b34981bca692c44571f228 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Tue, 16 Jan 2007 19:03:29 +0000
Subject: [PATCH] Fixed a serious potential corruption bug
--HG--
extra : convert_revision : svn%3A39bc706e-5318-0410-9160-8a85361fbb7c/trunk%40301
---
 core/systems/CFunction.cpp | 8 ++++----
 core/systems/CFunction.h | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/core/systems/CFunction.cpp b/core/systems/CFunction.cpp
index 1d6bf769..6f123518 100644
--- a/core/systems/CFunction.cpp
+++ b/core/systems/CFunction.cpp
@@ -90,7 +90,7 @@ int CFunction::PushArray(cell_t *inarray, unsigned int cells, cell_t **phys_addr
 info->flags = inarray ? copyback : 0;
 info->marked = true;
- info->size = cells;
+ info->size = cells * sizeof(cell_t);
 m_params[m_curparam] = info->local_addr;
 m_curparam++;
@@ -162,7 +162,7 @@ int CFunction::_PushString(const char *string, int sz_flags, int cp_flags, size_
 skip_localtostr:
 info->flags = cp_flags;
 info->orig_addr = (cell_t *)string;
- info->size = cells;
+ info->size = len;
 return SP_ERROR_NONE;
 }
@@ -229,13 +229,13 @@ int CFunction::Execute(cell_t *result)
 {
 if (temp_info[numparams].orig_addr)
 {
- if (temp_info[numparams].size == 1)
+ if (temp_info[numparams].size == sizeof(cell_t))
 {
 *temp_info[numparams].orig_addr = *temp_info[numparams].phys_addr;
 } else {
 memcpy(temp_info[numparams].orig_addr, temp_info[numparams].phys_addr,
- temp_info[numparams].size * sizeof(cell_t));
+ temp_info[numparams].size);
 }
 }
 }
diff --git a/core/systems/CFunction.h b/core/systems/CFunction.h
index d68d837d..f0f05897 100644
--- a/core/systems/CFunction.h
+++ b/core/systems/CFunction.h
@@ -11,7 +11,7 @@ struct ParamInfo
 cell_t local_addr; /* Local address to free */
 cell_t *phys_addr; /* Physical address of our copy */
 cell_t *orig_addr; /* Original address to copy back to */
- ucell_t size; /* Size of array in cells */
+ ucell_t size; /* Size of array in bytes */
 };
 class CPlugin;
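Review bot: In the PushArray hunk, `cells * sizeof(cell_t)` is stored into the `ucell_t size` field with no range check, so a very large `cells` wraps or truncates the byte count and the copy-back in Execute (third hunk) would then move fewer bytes than the array holds. A guard such as `if (cells > ((ucell_t)-1) / sizeof(cell_t))` that returns an error before the assignment would make the overflow case explicit. PushArray starts and ends outside the hunk, so the allocation that precedes these lines may already bound `cells`; if it does, a comment saying so next to the multiplication is enough.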
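Review bot: `info->size = len;` in the _PushString hunk takes its value from a name declared outside the hunk (the signature is cut off at `size_`), and nothing visible says whether `len` counts the terminating NUL or is the capacity of the caller's buffer. That matters because Execute copies `size` bytes back to `orig_addr`, which here is `string` with its const cast away, so `len` is the only bound on that write. I would document the contract on the assignment, e.g. `/* bytes Execute() may copy back into string; must not exceed the caller's buffer */`. If `len` is a `size_t`, as the truncated signature suggests, it should also be checked to fit in `ucell_t` before it is stored.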
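Review bot: The `size == sizeof(cell_t)` fast path in the Execute hunk now also matches a string whose `len` equals `sizeof(cell_t)`, and `*orig_addr = *phys_addr` then writes a whole `cell_t` through a pointer that _PushString produced by casting a `const char *`, which carries no alignment guarantee. The `memcpy` in the else branch is correct for every byte size, so the special case can be dropped in favour of an unconditional `memcpy(temp_info[numparams].orig_addr, temp_info[numparams].phys_addr, temp_info[numparams].size);`. The surrounding loop and the rest of Execute are outside the hunk, so whether `flags` is consulted before the copy-back cannot be seen from here.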