[haiku-commits] Change in haiku[master]: Cortex: Fix buffer overflows in label truncation.

From: Gerrit <review@xxxxxxxxxxxxxxxxxxx>
To: waddlesplash <waddlesplash@xxxxxxxxx>, haiku-commits@xxxxxxxxxxxxx
Date: Fri, 31 Jul 2020 23:09:17 +0000

From Michael Lotz <mmlr@xxxxxxxx>:

Michael Lotz has uploaded this change for review. (
https://review.haiku-os.org/c/haiku/+/3116 ;)

Change subject: Cortex: Fix buffer overflows in label truncation.
......................................................................

Cortex: Fix buffer overflows in label truncation.

The label to be truncated was copied into a fixed width buffer without
taking the null byte into account which would make
BFont::GetTruncatedStrings() read out of bounds when the name got long
enough. The output strings were also not allocated with the required
extra space for the ellipsis which would possibly have caused the
output to overflow.

Since the goal is to truncate a single string, remove the entire
temporary extra allocations and simplify to use BFont::TruncateString()
directly, which avoids both problems by being BString based.
---
M src/apps/cortex/MediaRoutingView/MediaNodePanel.cpp
1 file changed, 2 insertions(+), 14 deletions(-)

  git pull ssh://git.haiku-os.org:22/haiku refs/changes/16/3116/1

diff --git a/src/apps/cortex/MediaRoutingView/MediaNodePanel.cpp
b/src/apps/cortex/MediaRoutingView/MediaNodePanel.cpp
index 92d6864..5f41912 100644
--- a/src/apps/cortex/MediaRoutingView/MediaNodePanel.cpp
+++ b/src/apps/cortex/MediaRoutingView/MediaNodePanel.cpp
@@ -841,24 +841,12 @@
        }

        // truncate the label to fit in the panel
+       m_label = m_fullLabel;
        float maxWidth = m_labelRect.Width() - (2.0 * M_LABEL_H_MARGIN) - 2.0;
        if (be_plain_font->StringWidth(m_fullLabel.String()) > maxWidth)
        {
-               char *truncatedLabel[1];
-               truncatedLabel[0] = new char[B_MEDIA_NAME_LENGTH];
-               const char *originalLabel[1];
-               originalLabel[0] = new char[B_MEDIA_NAME_LENGTH];
-               m_fullLabel.CopyInto(const_cast<char *>(originalLabel[0]), 0,
B_MEDIA_NAME_LENGTH);
-               be_plain_font->GetTruncatedStrings(originalLabel, 1,
B_TRUNCATE_END, maxWidth, (char **) truncatedLabel);
-               m_label = truncatedLabel[0];
+               be_plain_font->TruncateString(&m_label, B_TRUNCATE_END,
maxWidth);
                m_labelTruncated = true;
-               delete [] originalLabel[0];
-               delete [] truncatedLabel[0];
-       }
-       else
-       {
-               m_label = m_fullLabel;
-               m_labelTruncated = false;
        }

        // Construct labelOffset

--
To view, visit https://review.haiku-os.org/c/haiku/+/3116
To unsubscribe, or for help writing mail filters, visit
https://review.haiku-os.org/settings

Gerrit-Project: haiku
Gerrit-Branch: master
Gerrit-Change-Id: Ib57430faf6f706c705497191000ee9686441857e
Gerrit-Change-Number: 3116
Gerrit-PatchSet: 1
Gerrit-Owner: Michael Lotz <mmlr@xxxxxxxx>
Gerrit-MessageType: newchange

Follow-Ups:
- [haiku-commits] Change in haiku[master]: Cortex: Fix buffer overflows in label truncation.
  - From: Gerrit

References:
- [haiku-commits] Change in haiku[master]: Cortex: Fix buffer overflows in label truncation.
  - From: Gerrit

[haiku-commits] Change in haiku[master]: Cortex: Fix buffer overflows in label truncation.

Other related posts: